exploitDog

CVE-2012-2990

Опубликовано: 24 авг. 2012

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.

Ссылки

http://www.kb.cert.org/vuls/id/663809
Patch
US Government Resource
http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=931
http://www.kb.cert.org/vuls/id/663809
Patch
US Government Resource
http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=931

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samsung:kies:*:*:*:*:*:*:*:*

Версия до 2.3.2.12074 (включая)

EPSS

Процентиль: 79%

0.01238

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-6ff5-xppw-fx3m

github

больше 3 лет назад

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.

EPSS

Процентиль: 79%

0.01238

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-94