Vulnerability CVE-2012-5897


Published: 2012-11-17   Modified: 2012-11-18

Description:
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

See advisories in our WLB2 database:
Topic: [High] Quest InTrust 10.4.x Remote File Creation / Overwrite
Author: rgod
Date: 18.11.2012

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Quest -> Intrust

References:
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
http://www.exploit-db.com/exploits/18672
http://www.securityfocus.com/bid/52773
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442

Copyright 2024, cxsecurity.com

 
