The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an uninitialized pointer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Intrust | Quest | * | 10.4.0.853 (including) |
| Intrust | Quest | 10.1 (including) | 10.1 (including) |
| Intrust | Quest | 10.2.5 (including) | 10.2.5 (including) |
| Intrust | Quest | 10.3 (including) | 10.3 (including) |
| Intrust | Quest | 10.4 (including) | 10.4 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
- http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
- http://osvdb.org/80662
- http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
- http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
- http://secunia.com/advisories/48566
- http://www.exploit-db.com/exploits/18674
- http://www.securityfocus.com/bid/52765
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74448
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
- http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rb
- http://osvdb.org/80662
- http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
- http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
- http://secunia.com/advisories/48566
- http://www.exploit-db.com/exploits/18674
- http://www.securityfocus.com/bid/52765
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74448