CVE-2012-3809

HIGH

Samsung Kies <2.5.0.12094 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3809.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Samsung Kies, including a NULL pointer dereference (CVE-2012-3806) and arbitrary file execution/modification (CVE-2012-3807, CVE-2012-3808, CVE-2012-3809) via ActiveX controls. Functional PoC code is provided for each vulnerability, leveraging VBScript to trigger crashes or execute arbitrary commands.

Description

Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.

Exploits (1)

exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/22007

The exploit demonstrates multiple vulnerabilities in Samsung Kies, including a NULL pointer dereference (CVE-2012-3806) and arbitrary file execution/modification (CVE-2012-3807, CVE-2012-3808, CVE-2012-3809) via ActiveX controls. Functional PoC code is provided for each vulnerability, leveraging VBScript to trigger crashes or execute arbitrary commands.

Classification
Working Poc 100%
Attack Type
Rce | Dos
Complexity
Trivial
Reliability
Reliable
Target: Samsung Kies 2.3.2.12054_20
No auth needed
Prerequisites: Samsung Kies installed · ActiveX controls enabled in browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
https://www.securityfocus.com/bid/55936
Third Party Advisory x_refsource_misc
https://www.tenable.com/plugins/nessus/65612
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2012-3809

Scores

CVSS v3 7.5
EPSS 0.0499
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
samsung/kies < 2.5.0.12094_27_11
Published Jan 09, 2020
Tracked Since Feb 18, 2026