CVE-2015-0555

Published: 24/02/2015 Updated: 01/04/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote malicious users to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.

Vulnerable Product

samsung ipolis device manager 1.12.2

Exploits

Samsung iPOLiS suffers from a buffer overflow vulnerability in XnsSdkDeviceIpInstaller.ocx ...
<html> <!-- Vendor Homepage: www.samsung-security.com/Tools/device-manager.aspx Samsung iPOLiS 1.12.2 ReadConfigValue Remote Code Execution (heap spray) CVE: 2015-0555 Author: Praveen Darshanam blog.disects.com/2015/02/samsung-ipolis-1122-xnssdkdeviceipinsta.html darshanams.blogspot.com/ Tested on Windows XP SP3 IE6/7 ...
<!-- # Exploit Title: (0day)Samsung iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue Remote Code Execution PoC (CVE-2015-0555) # Date: 22/02/2015 # Exploit Author: Praveen Darshanam # Vendor Homepage: *www.samsung-security.com/Tools/device-manager.aspx # Version: Samsung iPOLiS 1.12.2 # Tested on: Windows 7 Ultimate N SP1 # CVE: 2 ...