CVE

Id
59139  
CVE No.
CVE-2012-5896  
Status
Candidate  
Description
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."  
Phase
Assigned (20121117)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
603745 59139 CVE-2012-5896 BUGTRAQ:20120328 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution  View
603746 59139 CVE-2012-5896 URL:http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html  View
603747 59139 CVE-2012-5896 EXPLOIT-DB:18674  View
603748 59139 CVE-2012-5896 URL:http://www.exploit-db.com/exploits/18674  View
603749 59139 CVE-2012-5896 MISC:http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb  View
603750 59139 CVE-2012-5896 MISC:http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html  View
603751 59139 CVE-2012-5896 MISC:http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html  View
603752 59139 CVE-2012-5896 BID:52765  View
603753 59139 CVE-2012-5896 URL:http://www.securityfocus.com/bid/52765  View
603754 59139 CVE-2012-5896 OSVDB:80662  View
603755 59139 CVE-2012-5896 URL:http://osvdb.org/80662  View
603756 59139 CVE-2012-5896 SECUNIA:48566  View
603757 59139 CVE-2012-5896 URL:http://secunia.com/advisories/48566  View
603758 59139 CVE-2012-5896 XF:intrust-annotatex-code-execution(74448)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29689 JVNDB-2012-005396 DFLabs PTK におけるログなどを読まれる脆弱性 DFLabs PTK は、アクセスコントロールが不十分である Web ドキュメントルート配下に予測可能な名前でデータファイルを保存するため、ログ、画像、またはレポートを読まれる脆弱性が存在します。 CVE-2012-5901 59139 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005396.html  View