10

CVE-2012-5896

Exploit
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QuestIntrust Version <= 10.4.0.853
QuestIntrust Version10.1
QuestIntrust Version10.2.5
QuestIntrust Version10.3
QuestIntrust Version10.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 69.39% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
Exploit
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
Exploit
http://osvdb.org/80662
http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
Exploit
http://secunia.com/advisories/48566
Vendor Advisory
http://www.exploit-db.com/exploits/18674
Exploit
http://www.securityfocus.com/bid/52765
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/74448