CVE-2012-2424 | Vulnerability Database | Aqua Security

The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter.

Affected Software

Name	Vendor	Start Version	End Version
Quickbooks	Intuit	2009 (including)	2009 (including)
Quickbooks	Intuit	2010 (including)	2010 (including)
Quickbooks	Intuit	2011 (including)	2011 (including)
Quickbooks	Intuit	2012 (including)	2012 (including)

References

http://www.kb.cert.org/vuls/id/232979
http://www.securityfocus.com/archive/1/522138
http://www.securityfocus.com/archive/1/522139
https://exchange.xforce.ibmcloud.com/vulnerabilities/75175
http://www.kb.cert.org/vuls/id/232979
http://www.securityfocus.com/archive/1/522138
http://www.securityfocus.com/archive/1/522139
https://exchange.xforce.ibmcloud.com/vulnerabilities/75175

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2424
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html