CVE-2012-3808

HIGH

Samsung Kies <2.5.0.12094_27_11 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3808.

AI-analyzed exploit summary The provided exploit code demonstrates multiple vulnerabilities in Samsung Kies, including a NULL pointer dereference (CVE-2012-3806), arbitrary file execution (CVE-2012-3807), and arbitrary file modification (CVE-2012-3808). The PoC code includes functional HTML/JavaScript examples that trigger these vulnerabilities via ActiveX controls.

Description

Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.

Exploits (1)

exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/22007

The provided exploit code demonstrates multiple vulnerabilities in Samsung Kies, including a NULL pointer dereference (CVE-2012-3806), arbitrary file execution (CVE-2012-3807), and arbitrary file modification (CVE-2012-3808). The PoC code includes functional HTML/JavaScript examples that trigger these vulnerabilities via ActiveX controls.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Samsung Kies 2.3.2.12054_20
No auth needed
Prerequisites: Samsung Kies installed · ActiveX controls enabled in the browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/55936
Third Party Advisory x_refsource_misc
https://www.tenable.com/plugins/nessus/65612
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2012-3808

Scores

CVSS v3 7.5
EPSS 0.0499
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
samsung/kies < 2.5.0.12094_27_11
Published Jan 09, 2020
Tracked Since Feb 18, 2026