Quest InTrust 'ArDoc.dll' Multiple Insecure Method Vulnerabilities

Bugtraq ID:	52773
Class:	Design Error
CVE:	CVE-2012-5897
Remote:	Yes
Local:	No
Published:	Mar 28 2012 12:00AM
Updated:	Jan 11 2013 01:10PM
Credit:	rgod
Vulnerable:	Quest Software InTrust 10.4
Not Vulnerable:

Quest InTrust 'ArDoc.dll' Multiple Insecure Method Vulnerabilities

Quest InTrust is prone to multiple insecure-method vulnerabilities.

Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may be able to execute arbitrary code with user-level privileges.

Quest InTrust 10.4.X is vulnerable; other versions may also be affected.

Quest InTrust 'ArDoc.dll' Multiple Insecure Method Vulnerabilities

To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted Web page.

The following example codes are available:

• /data/vulnerabilities/exploits/52773.html1
• /data/vulnerabilities/exploits/52773.html2

Quest InTrust 'ArDoc.dll' Multiple Insecure Method Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Quest InTrust 'ArDoc.dll' Multiple Insecure Method Vulnerabilities

References:

• InTrust Homepage (Quest Software)
  
• Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Contro ([email protected])