CVE-2012-5896

Quest InTrust < 10.4.0.853 - Remote Code Execution via Annotation Objects ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-5896. PoCs published by Metasploit, rgod, including Metasploit module exploits/windows/browser/intrust_annotatex_add.

AI-analyzed exploit summary This Metasploit module exploits an uninitialized pointer vulnerability in the Quest InTrust Annotation Objects ActiveX component (CVE-2012-5896). It uses heap spraying and ROP chains to achieve remote code execution on Windows systems with IE6/IE7/IE8.

Description

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18735

This Metasploit module exploits an uninitialized pointer vulnerability in the Quest InTrust Annotation Objects ActiveX component (CVE-2012-5896). It uses heap spraying and ROP chains to achieve remote code execution on Windows systems with IE6/IE7/IE8.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Quest InTrust Annotation Objects ActiveX (AnnotateX.dll v1.0.32.0)
No auth needed
Prerequisites: Target must visit a malicious webpage · ActiveX component must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by rgod · textremotewindows
https://www.exploit-db.com/exploits/18674

This exploit targets an uninitialized pointer vulnerability in Quest InTrust 10.4.x's AnnotationX.AnnList.1 ActiveX control (ANNOTATEX.DLL). By invoking the Add() method, an attacker can execute arbitrary code via a controlled pointer, leveraging heap spraying to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Quest InTrust 10.4.x (ANNOTATEX.DLL)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/intrust_annotatex_add.rb

This Metasploit module exploits an uninitialized pointer vulnerability in Quest InTrust Annotation Objects ActiveX component (CVE-2012-5896) via heap spray and ROP chain techniques to achieve remote code execution on Windows XP/Vista/7 targets with IE6-8.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Quest InTrust Annotation Objects ActiveX (AnnotateX.dll v1.0.32.0)
No auth needed
Prerequisites: Victim must visit malicious webpage · ActiveX component must be installed · Target must use vulnerable IE version
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18674
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/80662
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74448
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0153.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52765
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48566

Scores

EPSS 0.6939
EPSS Percentile 99.3%

Details

Status published
Products (5)
quest/intrust 10.1
quest/intrust 10.2.5
quest/intrust 10.3
quest/intrust 10.4
quest/intrust < 10.4.0.853
Published Nov 17, 2012
Tracked Since Feb 18, 2026