9.3

CVE-2012-5897

Exploit
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QuestIntrust Version <= 10.4.0.853
QuestIntrust Version10.1
QuestIntrust Version10.2.5
QuestIntrust Version10.3
QuestIntrust Version10.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.83% 0.887
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/48566
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
Exploit
http://osvdb.org/80664
http://www.exploit-db.com/exploits/18672
Exploit
http://www.securityfocus.com/bid/52773
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442