Remote Code Execution Vulnerability in Quest InTrust's Annotation Objects Extension
CVE-2012-5896

Currently unrated

Key Information:

Vendor: Quest
Status: Intrust
Vendor: CVE Published:; 17 November 2012

What is CVE-2012-5896?

The Annotation Objects Extension ActiveX control in Quest InTrust is susceptible to a vulnerability due to improper implementation of the Add method in AnnotateX.dll. This flaw enables remote attackers to exploit an uninitialized pointer, allowing for arbitrary code execution through specially crafted arguments. Affected versions include Quest InTrust 10.4.0.853 and earlier, which could lead to significant security breaches if not addressed.

References

http://www.exploit-db.com/exploits/18674

exploitx_refsource_EXPLOIT-DB

http://dev.metasploit.com/redmine/projects/framework/repo...

x_refsource_MISC

http://osvdb.org/80662

vdb-entryx_refsource_OSVDB

EPSS Score

81% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2012
Vulnerability Reserved
Nov 17, 2012