漏洞描述
Quest InTrust 10.4.0.853版本和早期版本中存在远程代码执行漏洞,该漏洞源于对用户提供的数据未经充分的边界检查。远程攻击者可利用该漏洞在使用ActiveX控件的应用程序(典型如Internet Explorer)上下文中执行任意代码,攻击失败可能导致拒绝服务。
Quest InTrust ‘AnnotateX.dll’ 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-11133: Quest KACE SMA /common/run_cross_report.php 'fmt' XSS
- POC CVE-2021-31589: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
- POC CVE-2022-26138: Atlassian Questions For Confluence - Hardcoded Credentials
- POC azure-keyvault-trusted-ms-unrestricted: Key Vault Trusted Microsoft Services Access Not Configured
- POC gcloud-org-trusted-images: Trusted Image Projects Not Defined
- POC allow-untrusted-certificates: System Allows Untrusted Certificates
- POC onetrust-geolocation-csp-bypass: Content-Security-Policy Bypass - OneTrust Geolocation
- POC android-user-certificates-trust: Android Trusts User Certificates
- POC CVE-2018-11138: Quest KACE System Management Appliance 8.0.318 - Remote Code Execution
- POC ciphertrust-default-login: Ciphertrust - Default Login
- POC questdb-console: QuestDB Console - Detect
- POC beyond-trust-xss: BeyondTrust Remote Support 6.0 - Cross-Site Scripting
- POC untrusted-root-certificate: Untrusted Root Certificate - Detect