Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2012-5897
Last Modified 15 Jan 2013 12:00:00
Published 17 Nov 2012 04:55:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5897

Summary

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

Vulnerable Systems

Application

  • Quest Intrust 10.1

  • Quest Intrust 10.2.5

  • Quest Intrust 10.3

  • Quest Intrust 10.4

  • Quest Intrust 10.4.0.853


References

XF - intrust-ardoc-file-overwrite(74442)

BID - 52773

EXPLOIT-DB - 18672

SECUNIA - 48566

OSVDB - 80664

BUGTRAQ - 20120328 Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability


Last Updated: 27 May 2016 10:51:48