Vulnerability Description
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | Intrust | <= 10.4.0.853 |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.htmlExploit
- http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exExploit
- http://osvdb.org/80662
- http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Obje
- http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-UniExploit
- http://secunia.com/advisories/48566Vendor Advisory
- http://www.exploit-db.com/exploits/18674Exploit
- http://www.securityfocus.com/bid/52765Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74448
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.htmlExploit
- http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exExploit
- http://osvdb.org/80662
- http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Obje
- http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-UniExploit
- http://secunia.com/advisories/48566Vendor Advisory
FAQ
What is CVE-2012-5896?
CVE-2012-5896 is a vulnerability with a CVSS score of 10.0 (HIGH). The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary...
How severe is CVE-2012-5896?
CVE-2012-5896 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5896?
Check the references section above for vendor advisories and patch information. Affected products include: Quest Intrust.