CVE-2012-5896 | Vulnerability Database | Aqua Security

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an uninitialized pointer.

Affected Software

Name	Vendor	Start Version	End Version
Intrust	Quest	*	10.4.0.853 (including)
Intrust	Quest	10.1 (including)	10.1 (including)
Intrust	Quest	10.2.5 (including)	10.2.5 (including)
Intrust	Quest	10.3 (including)	10.3 (including)
Intrust	Quest	10.4 (including)	10.4 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
http://osvdb.org/80662
http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18674
http://www.securityfocus.com/bid/52765
https://exchange.xforce.ibmcloud.com/vulnerabilities/74448
http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
http://osvdb.org/80662
http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18674
http://www.securityfocus.com/bid/52765
https://exchange.xforce.ibmcloud.com/vulnerabilities/74448

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5896
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html