OSVDB ID: 80662

Title: Quest InTrust ActiveX (AnnotateX.dll) Add() Method Remote Code Execution

Info

Disclosure

Mar 29, 2012

Discovery

Unknown

Dates

Exploit

Mar 28, 2012

Solution

Unknown

Description

Quest InTrust contains a flaw related to the Annotatex.dll library. The issue is triggered when a remote attacker invokes the Add() method. This may allow an attacker to execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Quest Software, Inc.

InTrust

10.4

References

Exploit Database: 18674 18735
CVE ID: 2012-5896 (see also: NVD)
Secunia Advisory ID: 48566
Bugtraq ID: 52765
ISS X-Force ID: 74448
Metasploit ID: 80662
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
http://seclists.org/bugtraq/2012/Mar/152
Other Advisory URL: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
Packet Storm: http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
Vendor URL: http://www.quest.com/intrust/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/80662