CVE-2012-5897

Published: Nov 17, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

Affected (5)

Products: Quest: Intrust

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Quest Intrust	Up to 10.4.0.853
Quest Intrust	Version 10.1
Quest Intrust	Version 10.2.5
Quest Intrust	Version 10.3
Quest Intrust	Version 10.4

Related CWEs

References (12)

http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html

Source: cve@mitre.org

Exploit

http://osvdb.org/80664

Source: cve@mitre.org

http://secunia.com/advisories/48566

Source: cve@mitre.org

Vendor Advisory

http://www.exploit-db.com/exploits/18672

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/52773

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/74442

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://osvdb.org/80664

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/48566

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.exploit-db.com/exploits/18672

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/52773

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/74442

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.