ID |
CVE-2012-5896
|
Summary |
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer." |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*
-
cpe:2.3:a:quest:intrust:10.4.0.853:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.4.0.853:*:*:*:*:*:*:*
|
CVSS |
Base: | 10.0 (as of 29-08-2017 - 01:32) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 52765 | bugtraq | 20120328 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution | exploit-db | 18674 | misc | | osvdb | 80662 | secunia | 48566 | xf | intrust-annotatex-code-execution(74448) |
|
saint
via4
|
bid | 52765 | description | Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability | osvdb | 80662 | title | quest_intrust_annotatexdll_activex_add | type | client |
|
Last major update |
29-08-2017 - 01:32 |
Published |
17-11-2012 - 21:55 |
Last modified |
29-08-2017 - 01:32 |