10

CVE-2012-5896

Exploit

EPSS 81.34%
Veröffentlicht 17.11.2012 21:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Quest ≫ Intrust Version <= 10.4.0.853

Quest ≫ Intrust Version10.1

Quest ≫ Intrust Version10.2.5

Quest ≫ Intrust Version10.3

Quest ≫ Intrust Version10.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.34%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html

Exploit

http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb

Exploit

http://osvdb.org/80662

http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html

http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html

Exploit

http://secunia.com/advisories/48566

Vendor Advisory

http://www.exploit-db.com/exploits/18674

Exploit

http://www.securityfocus.com/bid/52765

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/74448

https://nvd.nist.gov/vuln/detail/CVE-2012-5896

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5896

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5896

EUVD