Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012
BID: 52765
OSVDB: 80662

Background

InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems.

Problem

Quest Intrust Annotation Objects ActiveX Control (AnnotateX.dll) is vulnerable to remote code execution due to an input validation error when handling the function call Add() with a specially crafted obj argument.

Resolution

Upgrade or apply a patch when the vendor releases one. In the interim, the Annotation Objects ActiveX control can be disabled by following Microsoft's instructions at http://support.microsoft.com/kb/240797 to disable clsid:EF600D71-358F-11D1-8FD4-00AA00BD091C.

References

http://secunia.com/advisories/48566/

Limitations

This exploit has been tested against Quest Software InTrust 10.4.0.853 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

A user on the target system with the vulnerable ActiveX control must open the exploit file in Internet Explorer 8 or 9.

Platforms

Windows

Back to exploit index