10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.661 Medium
EPSS
Percentile
97.9%
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an “uninitialized pointer.”
archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
osvdb.org/80662
packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
secunia.com/advisories/48566
www.exploit-db.com/exploits/18674
www.securityfocus.com/bid/52765
exchange.xforce.ibmcloud.com/vulnerabilities/74448