What is CVE-2012-5896?

CVE-2012-5896 is a vulnerability in Quest Intrust. Published 2012-11-17.

Is CVE-2012-5896 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Quest Intrust

CVE-2012-5896

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first…

EPSS: 0.813 (99.2th percentile) — read the EPSS interpretation.

Affected products

Quest Intrust — versions 10.1, 10.2.5, 10.3
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

18674 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)
80662 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (Exploit, x_refsource_MISC)
intrust-annotatex-code-execution(74448) (vdb-entry, x_refsource_XF)
20120328 Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution (mailing-list, Exploit, x_refsource_BUGTRAQ)
52765 (Exploit, vdb-entry, x_refsource_BID)
48566 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2012-5896?: CVE-2012-5896 is a vulnerability in Quest Intrust. Published 2012-11-17.
Is CVE-2012-5896 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.