CVE-2012-5897

Quest InTrust < 10.4.0.853 - Arbitrary File Write via ARDoc ActiveX SaveToFile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5897. PoCs published by rgod.

AI-analyzed exploit summary The exploit demonstrates arbitrary file creation/overwrite via the `SaveToFile` method in Quest InTrust's ActiveX controls (`ARDoc.dll`). The PoC overwrites `boot.ini` but notes potential for RCE if file content can be controlled.

Description

The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · textremotewindows

https://www.exploit-db.com/exploits/18672

View Code ZIP pw:eip

The exploit demonstrates arbitrary file creation/overwrite via the `SaveToFile` method in Quest InTrust's ActiveX controls (`ARDoc.dll`). The PoC overwrites `boot.ini` but notes potential for RCE if file content can be controlled.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Quest InTrust 10.4.x

No auth needed

Prerequisites: Victim must have Quest InTrust 10.4.x installed · ActiveX control must be instantiated in a browser context

MITRE ATT&CK