| ID |
CVE-2012-5896
|
| Summary |
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.4.0.853:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.4.0.853:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 29-08-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 52765 | | bugtraq | 20120328 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution | | exploit-db | 18674 | | misc | | | osvdb | 80662 | | secunia | 48566 | | xf | intrust-annotatex-code-execution(74448) |
|
| saint
via4
|
| bid | 52765 | | description | Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability | | osvdb | 80662 | | title | quest_intrust_annotatexdll_activex_add | | type | client |
|
| Last major update |
29-08-2017 - 01:32 |
| Published |
17-11-2012 - 21:55 |
| Last modified |
29-08-2017 - 01:32 |
