Quest InTrust ActiveX Controls Multiple Vulnerabilities
Release Date : 2012-03-30
Criticality level : Highly critical
Impact : System access
Manipulation of data
Where : From remote
Solution Status : Unpatched
Quest ARDoc ActiveX Control 7.x
Quest InTrust 10.x
Software FX Annotation Objects Extension ActiveX Control (AnnotateX.dll) 1.x
Andrea Micalizzi has discovered multiple vulnerabilities in Quest InTrust, which can be exploited by malicious people to manipulate certain data and compromise a user's system.
1) An insecure method in the ARDoc ActiveX Control (ARDoc.dll) can be exploited to overwrite arbitrary files with the contents of exported documents via a call to the "SaveToFile()" method with a specially crafted "bstrFileName" argument.
2) An input validation error in the Annotation Objects Extension ActiveX Control (AnnotateX.dll) can be exploited to call an arbitrary memory location via a call to the "Add()" method with a specially crafted "obj" argument.
Successful exploitation of this vulnerability allows execution of arbitrary code.
The vulnerabilities are confirmed in version 10.4.0.853. Other versions may also be affected.
Set the kill-bit for the ActiveX controls.
Provided and/or discovered by:
Andrea Micalizzi (rgod)