|Date: (C)2012-04-25 (M)2015-12-16|
|CVSS Score: 6.8||Access Vector: ADJACENT_NETWORK|
|Exploitability Subscore: 3.2||Access Complexity: HIGH|
|Impact Subscore: 10.0||Authentication: NONE|
| ||Confidentiality: COMPLETE|
| ||Integrity: COMPLETE|
| ||Availability: COMPLETE|
Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character.