CVE-2012-0279 - Vulnerability Details - OpenCVE

Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Quest	Toad For Data Analysts

Configuration 1 [-]

cpe:2.3:a:quest:toad_for_data_analysts:3.0.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/48663
http://secunia.com/secunia_research/2012-13/
http://www.securityfocus.com/bid/53276
https://exchange.xforce.ibmcloud.com/vulnerabilities/75192

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2012-05-01T23:00:00

Updated: 2024-08-06T18:23:29.333Z

Reserved: 2011-12-30T00:00:00

Link: CVE-2012-0279

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-05-01T23:55:01.063

Modified: 2024-11-21T01:34:42.843

Link: CVE-2012-0279

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2012-13/"}, {"name": "48663", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48663"}, {"name": "quest-toad-insecure-permissions(75192)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75192"}, {"name": "53276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53276"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2012-0279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://secunia.com/secunia_research/2012-13/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2012-13/"}, {"name": "48663", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48663"}, {"name": "quest-toad-insecure-permissions(75192)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75192"}, {"name": "53276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53276"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:23:29.333Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2012-13/"}, {"name": "48663", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48663"}, {"name": "quest-toad-insecure-permissions(75192)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75192"}, {"name": "53276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53276"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2012-0279", "datePublished": "2012-05-01T23:00:00", "dateReserved": "2011-12-30T00:00:00", "dateUpdated": "2024-08-06T18:23:29.333Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quest:toad_for_data_analysts:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "48A398AA-97A9-4A7E-AC93-4E39D7B9DEA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file."}, {"lang": "es", "value": "Quest Toad for Data Analysts v3.0.1, utiliza permisos d\u00e9biles (Todos: Control Total) para el directorio compartido %COMMONPROGRAMFILES%\\Quest, lo que permite a atacantes remotos obtener privilegios a trav\u00e9s de un caballo de Troya."}], "id": "CVE-2012-0279", "lastModified": "2024-11-21T01:34:42.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-01T23:55:01.063", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/48663"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2012-13/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/53276"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2012-13/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75192"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}