CVE-2012-2424

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service NULL pointer dereference and application crash via a URI that lac...

CVE-2012-2423

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote...

Path traversal

Absolute path traversal vulnerability in the intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a...

Design/Logic Flaw

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service application crash via a long URI...

Memory corruption

Memory leak in the intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service memory consumption via a URI with multiple...

CVE-2012-2425

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service application crash via a long URI...

CVE-2012-2423

The CVE-2012-2423 entry concerns Intuit QuickBooks 2009–2012 where the intu-help-qb (Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll, when used with Internet Explorer, respond differently to remote requests based on whether a ZIP pathname is valid. This beh...

CVE-2012-2423

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote...

Intuit Help System Heap Corruption / Memory Leak

Intuit Help System Protocol URL Heap Corruption and Memory Leak Derek Soeder [email protected] Reported to [email protected] on March 15, 2012; vendor did not respond. Reported to CERT on March 22, 2012; vendor did not respond. Responsible disclosure failed with error code 10060. Published:...