1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Quest Intrust RCE CVE-2012-5896

Web Attack: Quest Intrust RCE CVE-2012-5896

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote code execution vulnerability in Quest Intrust.

Additional Information

Quest InTrust is an event log management software for security and compliance.

Quest InTrust is prone to a remote code-execution vulnerability due to an error in handling an uninitialized pointer. Specifically, the issue affects the 'AnnotateX.dll' component.

An attacker can exploit this issue by invoking 'Add()' method.

Affected

  • Quest InTrust 10.4.X and earlier is vulnerable
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube