Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2424

Overview

Vulnerability Score 1.8 1.8
CVE Id CVE-2012-2424
Last Modified 27 Apr 2012 12:00:00
Published 25 Apr 2012 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2424

Summary

The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter.

Vulnerable Systems

Application

  • Intuit Quickbooks 2009

  • Intuit Quickbooks 2010

  • Intuit Quickbooks 2011

  • Intuit Quickbooks 2012


References

CERT-VN - VU#232979

BUGTRAQ - 20120330 Intuit Help System Protocol File Retrieval

BUGTRAQ - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak


Last Updated: 27 May 2016 10:49:35