CVE-2012-5896 - Unspecified vulnerability in Quest InTrust

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, quest, critical, exploit available, metasploit

Summary

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."

Vulnerable Configurations

Part         Description  Count
Application  Quest        5

Exploit-Db

  • description: Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution. CVE-2012-5896. Remote exploit for windows ...
    file: exploits/windows/remote/18674.txt
    id: EDB-ID:18674
    last seen: 2016-02-02
    modified: 2012-03-28
    platform: windows
    port:
    published: 2012-03-28
    reporter: rgod
    source: https://www.exploit-db.com/download/18674/
    title: Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
    type: remote
  • description: Quest InTrust Annotation Objects Uninitialized Pointer. CVE-2012-5896. Remote exploit for windows platform
    id: EDB-ID:18735
    last seen: 2016-02-02
    modified: 2012-04-13
    published: 2012-04-13
    reporter: metasploit
    source: https://www.exploit-db.com/download/18735/
    title: Quest InTrust Annotation Objects Uninitialized Pointer

Metasploit

description: This module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.
id: MSF:EXPLOIT/WINDOWS/BROWSER/INTRUST_ANNOTATEX_ADD
last seen: 2020-06-10
modified: 2017-10-05
published: 2012-04-12
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5896
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/intrust_annotatex_add.rb
title: Quest InTrust Annotation Objects Uninitialized Pointer

Saint

bid: 52765
description: Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability
osvdb: 80662
title: quest_intrust_annotatexdll_activex_add
type: client
typeclient