Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012
BID: 52765
OSVDB: 80662


InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems.


The Quest InTrust Annotation Objects ActiveX control (AnnotateX.dll) is vulnerable to remote code execution due to an input validation error when handling a call to the Add() function with a specially crafted obj argument.


Upgrade or apply a patch when the vendor releases one. In the interim, the Annotation Objects ActiveX control can be disabled by following Microsoft's instructions to disable clsid:EF600D71-358F-11D1-8FD4-00AA00BD091C.



This exploit has been tested against Quest Software InTrust on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

A user on the target system with the vulnerable ActiveX control must open the exploit file in Internet Explorer 8 or 9.


