Lucene search

[email protected]NVD:CVE-2012-2418

HistoryApr 25, 2012 - 8:55 p.m.

CVE-2012-2418

2012-04-2520:55:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

High

EPSS

0.027

Percentile

90.4%

JSON

Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character.

Affected configurations

Nvd

Node

intuitquickbooksMatch2009

intuitquickbooksMatch2010

intuitquickbooksMatch2011

intuitquickbooksMatch2012

AND

microsoftinternet_explorer

VendorProductVersionCPE
intuitquickbooks2009cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*
intuitquickbooks2010cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*
intuitquickbooks2011cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*
intuitquickbooks2012cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*
microsoftinternet_explorer*cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intuit	quickbooks	2009	cpe:2.3:a:intuit:quickbooks:2009:::::::*
intuit	quickbooks	2010	cpe:2.3:a:intuit:quickbooks:2010:::::::*
intuit	quickbooks	2011	cpe:2.3:a:intuit:quickbooks:2011:::::::*
intuit	quickbooks	2012	cpe:2.3:a:intuit:quickbooks:2012:::::::*
microsoft	internet_explorer	*	cpe:2.3:a:microsoft:internet_explorer::::::::

References

osvdb.org/80820

www.kb.cert.org/vuls/id/232979

www.securityfocus.com/archive/1/522138

exchange.xforce.ibmcloud.com/vulnerabilities/75170

CVSS2

6.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

AI Score

8.3

Confidence

High

EPSS

0.027

Percentile

90.4%

JSON

Related for NVD:CVE-2012-2418

prion1 cve1 cvelist1 nessus1