CVE-2012-2418

Name of the Vulnerable Software and Affected Versions Intuit QuickBooks versions 2009 through 2012

Description The issue is related to a heap-based buffer overflow in the intu-help-qb handlers in HelpAsyncPluggableProtocol.dll. This occurs when Internet Explorer is used and a URI with a % (percent) character as its last or second-to-last character is accessed. The result can be a denial of service due to memory corruption or possibly the execution of arbitrary code.

Recommendations For Intuit QuickBooks versions 2009 through 2012, consider avoiding the use of Internet Explorer or restricting access to URIs that contain a % (percent) character as their last or second-to-last character until a fix is available. As a temporary workaround, disabling the intu-help-qb handlers in HelpAsyncPluggableProtocol.dll may help minimize the risk of exploitation.