PT-2012-4031 · Microsoft+1 · Internet Explorer+2
Derek Soeder · Published 2012-04-25 · Updated 2021-07-23 · CVE-2012-2420
CVSS v2.0: 1.8 (Low)
| Vector | AV:A/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Intuit QuickBooks versions 2009 through 2012
Description
The issue concerns the intu-help-qb handlers in HelpAsyncPluggableProtocol.dll. It might allow remote attackers to obtain sensitive information via a URI with a % (percent) character as its last or second-to-last character. This can happen when Internet Explorer is used and a certain "post-URL data" buffer contains a 0x0000 character but a buffer overflow does not occur.
Recommendations
For Intuit QuickBooks versions 2009 through 2012, consider avoiding the use of Internet Explorer or restricting access to the HelpAsyncPluggableProtocol.dll handlers until a fix is available. As a temporary workaround, avoid using URIs with a % (percent) character as the last or second-to-last character.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
HelpAsyncPluggableProtocol.dll
Internet Explorer
Intuit QuickBooks