CVE-2012-5897
First published: Sat Nov 17 2012(Updated: )
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest InTrust | <=10.4.0.853 | |
| Quest InTrust | =10.1 | |
| Quest InTrust | =10.2.5 | |
| Quest InTrust | =10.3 | |
| Quest InTrust | =10.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/quest
- canonical/quest intrust
- version/quest intrust/10.4.0.853
- version/quest intrust/10.1
- version/quest intrust/10.2.5
- version/quest intrust/10.3
- version/quest intrust/10.4