Описание
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 10.4.0.853 (включая)
Одно из
cpe:2.3:a:quest:intrust:*:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*
cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10666
Средний
9.3 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
EPSS
Процентиль: 93%
0.10666
Средний
9.3 Critical
CVSS2
Дефекты
CWE-264