PT-2012-6178 · Quest · Quest Intrust

Rgod · Published 2012-11-17 · Updated 2017-09-02 · CVE-2012-5897

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Quest InTrust versions 10.4.0.853 and earlier

Description

The issue concerns the improper implementation of the SaveToFile method in the SimpleTree and ReportTree classes within the ARDoc ActiveX control. This allows remote attackers to write or overwrite arbitrary files using the bstrFileName argument.

Recommendations

For Quest InTrust versions 10.4.0.853 and earlier, consider restricting access to the SaveToFile method in the SimpleTree and ReportTree classes until a patch is available. As a temporary workaround, avoid using the bstrFileName argument in the affected method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.


Weakness Enumeration

Related Identifiers

CVE-2012-5897

Affected Products

Quest Intrust