Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

2018年5月11日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 緊急

概要

Quest InTrust is prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.
Update your software to the latest releases. You may do so for this particular software here: https://support.quest.com/intrust/download-new-releases

対応方法

Trend Micro Deep Security DPI Rule Name: 1004989 - Quest InTrust 'AnnotateX.dll' Uninitialized Pointer Code Execution Vulnerability

影響を受けるソフトウェア

Quest InTrust 10.4.0.853 and earlier