Stack-Based Buffer Overflow in Samsung ActiveX Control
CVE-2012-4333

Currently unrated

Key Information:

Vendor

Samsung
Status
Net-i Viewer
Vendor
CVE Published:
14 August 2012

What is CVE-2012-4333?

Multiple stack-based buffer overflow vulnerabilities exist in the BackupToAvi method of specific Samsung ActiveX controls. These flaws can be exploited by remote attackers who craft long input strings in the fname parameter, potentially leading to arbitrary code execution. This vulnerability affects versions 1.5.1.1 and 2.0.1.0 of the UMS_Ctrl and UMS_Ctrl_STW ActiveX controls used in the Samsung NET-i viewer.

References

http://www.exploit-db.com/exploits/18765
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/53193
vdb-entryx_refsource_BID
http://secunia.com/advisories/48966
third-party-advisoryx_refsource_SECUNIA

EPSS Score

65% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2012-4333 : Stack-Based Buffer Overflow in Samsung ActiveX Control