Remote Code Execution Vulnerability in Samsung iPOLiS Device Manager
CVE-2014-3911

Currently unrated

Key Information:

Vendor: Samsung
Status: Ipolis Device Manager
Vendor: CVE Published:; 11 June 2014

Summary

Samsung iPOLiS Device Manager versions prior to 1.8.7 are vulnerable to a remote code execution attack. This vulnerability allows attackers to exploit unspecified values in multiple methods of the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control, potentially enabling unauthorized parties to execute arbitrary code on affected systems.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-170/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-172/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-168/

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 11, 2014
Vulnerability Reserved
May 29, 2014