CVE-2012-2419

low

Published 2012-04-25 · Modified 2026-04-29

CVSS v3

—

CVSS v2

1.8

VIR risk

1.8

Description

Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
intuit	quickbooks	`2009`
intuit	quickbooks	`2010`
intuit	quickbooks	`2011`
intuit	quickbooks	`2012`
microsoft	internet_explorer

References

http://www.kb.cert.org/vuls/id/232979
http://www.securityfocus.com/archive/1/522138
https://exchange.xforce.ibmcloud.com/vulnerabilities/75171
http://www.kb.cert.org/vuls/id/232979
http://www.securityfocus.com/archive/1/522138
https://exchange.xforce.ibmcloud.com/vulnerabilities/75171

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.