CVE-2012-5897

EUVD-2012-5771
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
questintrust
𝑥
≤ 10.4.0.853
questintrust
10.1
questintrust
10.2.5
questintrust
10.3
questintrust
10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
http://osvdb.org/80664
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18672
http://www.securityfocus.com/bid/52773
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
http://osvdb.org/80664
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18672
http://www.securityfocus.com/bid/52773
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442