Vulnerability in Quest Intrust

CVE-2012-5897

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary f…

EPSS: 0.107 (93.5th percentile) — read the EPSS interpretation.

Affected products

Quest Intrust — versions 10.1, 10.2.5, 10.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

52773 (Exploit, vdb-entry, x_refsource_BID)
20120328 Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability (mailing-list, Exploit, x_refsource_BUGTRAQ)
18672 (Exploit, exploit, x_refsource_EXPLOIT-DB)
80664 (x_refsource_OSVDB, vdb-entry)
intrust-ardoc-file-overwrite(74442) (vdb-entry, x_refsource_XF)
48566 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)