Vulnerability Details : CVE-2012-2425
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2012-2425
- cpe:2.3:a:intuit:quickbooks:2010:*:*:*:*:*:*:*When used together with: Microsoft » Internet Explorer
- cpe:2.3:a:intuit:quickbooks:2011:*:*:*:*:*:*:*When used together with: Microsoft » Internet Explorer
- cpe:2.3:a:intuit:quickbooks:2012:*:*:*:*:*:*:*When used together with: Microsoft » Internet Explorer
- cpe:2.3:a:intuit:quickbooks:2009:*:*:*:*:*:*:*When used together with: Microsoft » Internet Explorer
Exploit prediction scoring system (EPSS) score for CVE-2012-2425
0.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.8
|
LOW | AV:A/AC:H/Au:N/C:N/I:N/A:P |
3.2
|
2.9
|
NIST |
CWE ids for CVE-2012-2425
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2425
-
http://packetstormsecurity.org/files/111403/Intuit-Help-System-Protocol-File-Retrieval.html
Intuit Help System Protocol File Retrieval ≈ Packet Storm
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75176
QuickBooks Intuit Help System Async Pluggable Protocol denial of service CVE-2012-2425 Vulnerability Report
-
http://www.kb.cert.org/vuls/id/232979
VU#232979 - Multiple vulnerabilities in Intuit QuickBooksUS Government Resource
-
http://www.securityfocus.com/archive/1/522139
SecurityFocusExploit
-
http://www.securityfocus.com/archive/1/522138
SecurityFocusExploit
Jump to