QwikSec

Security Database

CVE

CWE

Training

CVE-2012-5897

Published: Nov 17, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20120328 Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_OSVDB

intrust-ardoc-file-overwrite(74442)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.