PT-2012-4029 · Microsoft+1 · Internet Explorer+1
Derek Soeder
·
Published
2012-04-25
·
Updated
2021-07-23
·
CVE-2012-2418
CVSS v2.0
6.8
Medium
| Vector | AV:A/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Intuit QuickBooks versions 2009 through 2012
Description
The issue is related to a heap-based buffer overflow in the intu-help-qb handlers in HelpAsyncPluggableProtocol.dll. This occurs when Internet Explorer is used and a URI with a % (percent) character as its last or second-to-last character is accessed. The result can be a denial of service due to memory corruption or possibly the execution of arbitrary code.
Recommendations
For Intuit QuickBooks versions 2009 through 2012, consider avoiding the use of Internet Explorer or restricting access to URIs that contain a % (percent) character as their last or second-to-last character until a fix is available. As a temporary workaround, disabling the intu-help-qb handlers in HelpAsyncPluggableProtocol.dll may help minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Internet Explorer
Intuit Quickbooks