CVE-2012-5897

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
questintrust
𝑥
≤ 10.4.0.853
questintrust
10.1
questintrust
10.2.5
questintrust
10.3
questintrust
10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
http://osvdb.org/80664
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18672
http://www.securityfocus.com/bid/52773
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
http://osvdb.org/80664
http://secunia.com/advisories/48566
http://www.exploit-db.com/exploits/18672
http://www.securityfocus.com/bid/52773
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442