Stack-based Buffer Overflow in Samsung iPOLiS Device Manager ActiveX Control
CVE-2014-3912

Currently unrated

Key Information:

Vendor: Samsung
Status: Ipolis Device Manager
Vendor: CVE Published:; 5 June 2014

What is CVE-2014-3912?

A stack-based buffer overflow vulnerability exists in the FindConfigChildeKeyList method of the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control found in Samsung's iPOLiS Device Manager. This vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted long value, potentially compromising the affected system without user intervention.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-169

x_refsource_MISC

http://www.securityfocus.com/bid/67823

vdb-entryx_refsource_BID

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 5, 2014
Vulnerability Reserved
May 29, 2014