CVE-2012-5896

Name of the Vulnerable Software and Affected Versions Quest InTrust versions 10.4.0.853 and earlier

Description The issue is related to the Annotation Objects Extension ActiveX control in AnnotateX.dll, which does not properly implement the Add method. This allows remote attackers to execute arbitrary code via a memory address in the first argument, specifically due to an "uninitialized pointer".

Recommendations For Quest InTrust versions 10.4.0.853 and earlier, consider disabling the Annotation Objects Extension ActiveX control until a patch is available. Restrict access to the Add method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.