Lucene search

[email protected]CVE-2012-5896

HistoryNov 17, 2012 - 9:55 p.m.

CVE-2012-5896

2012-11-1721:55:04

[email protected]

web.nvd.nist.gov

cve-2012-5896

annotation objects

activex control

quest intrust

remote code execution

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.661 Medium

EPSS

Percentile

97.9%

JSON

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an “uninitialized pointer.”

Affected configurations

NVD

Node

questintrustRange≤10.4.0.853

questintrustMatch10.1

questintrustMatch10.2.5

questintrustMatch10.3

questintrustMatch10.4

CPENameOperatorVersion
quest:intrustquest intrustle10.4.0.853
quest:intrustquest intrusteq10.1
quest:intrustquest intrusteq10.2.5
quest:intrustquest intrusteq10.3
quest:intrustquest intrusteq10.4

CPE	Name	Operator	Version
quest:intrust	quest intrust	le	10.4.0.853
quest:intrust	quest intrust	eq	10.1
quest:intrust	quest intrust	eq	10.2.5
quest:intrust	quest intrust	eq	10.3
quest:intrust	quest intrust	eq	10.4

References

archives.neohapsis.com/archives/bugtraq/2012-03/0153.html

dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb

osvdb.org/80662

packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html

packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html

secunia.com/advisories/48566

www.exploit-db.com/exploits/18674

www.securityfocus.com/bid/52765

exchange.xforce.ibmcloud.com/vulnerabilities/74448

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.661 Medium

EPSS

Percentile

97.9%

JSON

Related for CVE-2012-5896

prion1 cvelist1 nvd1