Описание
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-3911
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167
- http://www.zerodayinitiative.com/advisories/ZDI-14-168
- http://www.zerodayinitiative.com/advisories/ZDI-14-170
- http://www.zerodayinitiative.com/advisories/ZDI-14-171
- http://www.zerodayinitiative.com/advisories/ZDI-14-172
Связанные уязвимости
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.