CVE-2012-5897

{"id": "CVE-2012-5897", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-11-17T21:55:04.547", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/80664", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48566", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18672", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/52773", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74442", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/80664", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/48566", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/18672", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/52773", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74442", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument."}, {"lang": "es", "value": "Las clases (1) SimpleTree y (2) ReportTree del control ActiveX ARDoc (ARDoc.dll) de Quest InTrust versi\u00f3n 10.4.0.853 y anteriores, no implementan apropiadamente el m\u00e9todo SaveToFile, que permite a los atacantes remotos escribir o sobrescribir archivos arbitrarios por medio del argumento bstrFileName."}], "lastModified": "2024-11-21T01:45:28.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quest:intrust:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08DD2C80-65FB-482D-9620-DFE2BBB00400", "versionEndIncluding": "10.4.0.853"}, {"criteria": "cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74FF8E78-6672-4684-B3CF-2CB66804E6D3"}, {"criteria": "cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0577BD5-3A66-4504-B0E1-9CDF8C815FF8"}, {"criteria": "cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E0928E0-1543-4937-BF1F-990F5E98D930"}, {"criteria": "cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD6918D2-BE12-40AE-985A-83FEEF738834"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}