Remote Code Execution Vulnerability in Samsung NET-i Viewer ActiveX Controls
CVE-2012-4334

Currently unrated

Key Information:

Vendor: Samsung
Status: Net-i Viewer
Vendor: CVE Published:; 14 August 2012

Summary

The Samsung NET-i Viewer version 1.37.120316 contains vulnerabilities in its ActiveX controls, specifically with the ConnectDDNS method. This flaw allows remote attackers to execute arbitrary code on affected systems by exploiting unspecified vectors. Users of STWConfigNVR version 1.1.13.15 and STWConfig version 1.1.14.13 are particularly at risk, as these versions contain unpatched vulnerabilities that can lead to unauthorized system control. To mitigate this risk, it is recommended to update to the latest versions and review security settings.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/75069

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/18765

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/53193

vdb-entryx_refsource_BID

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 14, 2012
Vulnerability Reserved
Aug 14, 2012