Unrated severityNVD Advisory· Published Nov 17, 2012· Updated Apr 29, 2026

CVE-2012-5896

Description

The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."

Affected products

Quest/Intrust5 versions
cpe:2.3:a:quest:intrust:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:quest:intrust:*:*:*:*:*:*:*:*range: <=10.4.0.853
- cpe:2.3:a:quest:intrust:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:quest:intrust:10.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:quest:intrust:10.3:*:*:*:*:*:*:*
- cpe:2.3:a:quest:intrust:10.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2012-03/0153.htmlnvdExploit
dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/intrust_annotatex_add.rbnvdExploit
packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.htmlnvdExploit
www.exploit-db.com/exploits/18674nvdExploit
www.securityfocus.com/bid/52765nvdExploit
secunia.com/advisories/48566nvdVendor Advisory
osvdb.org/80662nvd
packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/74448nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.065
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000