Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2419

Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair.

Published

2012-04-25T20:55:01.230

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 1.8 (LOW)

CVSSv2 Vector

AV:A/AC:H/Au:N/C:N/I:N/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

3.2

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-399
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application intuit quickbooks 2009 Yes
Application intuit quickbooks 2010 Yes
Application intuit quickbooks 2011 Yes
Application intuit quickbooks 2012 Yes
Application microsoft internet_explorer * No
References