Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

Bugtraq ID:	52765
Class:	Unknown
CVE:	CVE-2012-5896
Remote:	Yes
Local:	No
Published:	Mar 28 2012 12:00AM
Updated:	Jan 11 2013 01:10PM
Credit:	nospam
Vulnerable:	Quest Software InTrust 10.4
Not Vulnerable:

Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

Quest InTrust is prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.

Quest InTrust 10.4.X is vulnerable; other versions may also be affected.

Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

The following proof-of-concept are available:

• /data/vulnerabilities/exploits/52765.txt
• /data/vulnerabilities/exploits/52765-1.txt

Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

References:

• InTrust Homepage (Quest Software)
  
• Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitial ([email protected])