CVE-2014-3911

Currently unrated

Key Information:

Vendor: Samsung
Status: Ipolis Device Manager
Vendor: CVE Published:; 11 June 2014

Summary

Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-170/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-172/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-168/

x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 11, 2014
Vulnerability Reserved
May 29, 2014