Remote File Overwrite Vulnerability in Quest InTrust ActiveX Control
CVE-2012-5897

Currently unrated

Key Information:

Vendor: Quest
Status: Intrust
Vendor: CVE Published:; 17 November 2012

What is CVE-2012-5897?

The ARDoc ActiveX control (ARDoc.dll) in Quest InTrust versions up to 10.4.0.853 contains a vulnerability in its SimpleTree and ReportTree classes. The SaveToFile method is not properly implemented, allowing remote attackers to manipulate the bstrFileName argument. This flaw opens the door for exploitation, permitting attackers to write or overwrite arbitrary files on the affected systems. Such vulnerabilities pose significant security risks, leading to unauthorized data access and potential system compromise.

References

http://www.securityfocus.com/bid/52773

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2012-03/01...

mailing-listx_refsource_BUGTRAQ

http://www.exploit-db.com/exploits/18672

exploitx_refsource_EXPLOIT-DB

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2012
Vulnerability Reserved
Nov 17, 2012