Description
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by rgod · text · remote · windows
https://www.exploit-db.com/exploits/18672
References (6)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52773
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0155.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18672
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74442
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48566
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80664
Scores
EPSS: 0.1067
EPSS Percentile: 93.3%
Details
CWE: CWE-264
Status: published
Products (5)
quest/intrust 10.1
quest/intrust 10.2.5
quest/intrust 10.3
quest/intrust 10.4
quest/intrust < 10.4.0.853
Published: Nov 17, 2012
Tracked Since: Feb 18, 2026