PT-2012-4030 · Microsoft+1 · Internet Explorer+1

Derek Soeder

Published

2012-04-25

Updated

2021-07-23

CVE-2012-2419

CVSS v2.0

1.8

Low

Vector

AV:A/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Intuit QuickBooks versions 2009 through 2012

Description A memory leak issue exists in the intu-help-qb handlers within HelpAsyncPluggableProtocol.dll. This occurs when Internet Explorer is used and a URI contains multiple references to the same name-value pair, allowing remote attackers to cause a denial of service due to memory consumption.

Recommendations For Intuit QuickBooks versions 2009 through 2012, consider restricting the use of Internet Explorer or avoiding URIs with multiple references to the same name-value pair until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2012-2419

Affected Products

Internet Explorer

Intuit Quickbooks

PT-2012-4030 · Microsoft+1 · Internet Explorer+1

CVE-2012-2419

Weakness Enumeration

Related Identifiers

Affected Products

References · 4