Vulnerability Description
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | Intrust | <= 10.4.0.853 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.htmlExploit
- http://osvdb.org/80664
- http://secunia.com/advisories/48566Vendor Advisory
- http://www.exploit-db.com/exploits/18672Exploit
- http://www.securityfocus.com/bid/52773Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74442
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.htmlExploit
- http://osvdb.org/80664
- http://secunia.com/advisories/48566Vendor Advisory
- http://www.exploit-db.com/exploits/18672Exploit
- http://www.securityfocus.com/bid/52773Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74442
FAQ
What is CVE-2012-5897?
CVE-2012-5897 is a vulnerability with a CVSS score of 9.3 (HIGH). The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote atta...
How severe is CVE-2012-5897?
CVE-2012-5897 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5897?
Check the references section above for vendor advisories and patch information. Affected products include: Quest Intrust.