Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

2012-04-27T00:00:00
ID SAINT:327E323888625FD17514568A307FA2A9
Type saint
Reporter SAINT Corporation
Modified 2012-04-27T00:00:00

Description

Added: 04/27/2012
BID: 52765
OSVDB: 80662

Background

InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems.

Problem

Quest Intrust Annotation Objects ActiveX Control (AnnotateX.dll) is vulnerable to remote code execution due to an input validation error when handling the function call Add() with a specially crafted obj argument.

Resolution

Upgrade or apply a patch when the vendor releases one. In the interim, the Annotation Objects ActiveX control can be disabled by following Microsoft's instructions at <http://support.microsoft.com/kb/240797> to disable **clsid:EF600D71-358F-11D1-8FD4-00AA00BD091C**.

References

<http://secunia.com/advisories/48566/>

Limitations

This exploit has been tested against Quest Software InTrust 10.4.0.853 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

A user on the target system with the vulnerable ActiveX control must open the exploit file in Internet Explorer 8 or 9.

Platforms

Windows