CVE-2012-5896 Information

Description

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
http://osvdb.org/80662
http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18674
http://www.securityfocus.com/bid/52765
https://exchange.xforce.ibmcloud.com/vulnerabilities/74448
