CVE-2012-5896
Quest InTrust <10.4.0.853 - RCE
Title source: llmDescription
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18735
exploitdb
WORKING POC
VERIFIED
by rgod · textremotewindows
https://www.exploit-db.com/exploits/18674
metasploit
WORKING POC
NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/intrust_annotatex_add.rb
References (9)
Scores
EPSS
0.8134
EPSS Percentile
99.2%
Details
Status
published
Products (5)
quest/intrust
10.1
quest/intrust
10.2.5
quest/intrust
10.3
quest/intrust
10.4
quest/intrust
< 10.4.0.853
Published
Nov 17, 2012
Tracked Since
Feb 18, 2026