CVE-2012-4333

Samsung NET-i viewer 1.37.120316 - Remote Code Execution via BackupToAvi Method

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-4333. PoCs were published by Metasploit, Luigi Auriemma, and juan vazquez, including the Metasploit module exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Samsung NET-i viewer's CNC_Ctrl.dll ActiveX control via a long string in the BackupToAvi method, leading to remote code execution.

Description

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/19027

This Metasploit module exploits a buffer overflow in Samsung NET-i viewer's CNC_Ctrl.dll ActiveX control via a long string in the BackupToAvi method, leading to remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samsung NET-i viewer 1.37 with CNC_Ctrl.dll 1.5.1.1
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target must have the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by Luigi Auriemma · text · dos · windows
https://www.exploit-db.com/exploits/18765

This is a technical writeup by Luigi Auriemma detailing three vulnerabilities in Samsung NET-i ware, including an endless loop in remote services, code execution in the ConnectDDNS ActiveX, and a stack overflow in the BackupToAvi ActiveX. The writeup provides assembly-level analysis and references external PoC tools.

Classification: Writeup 90%
Attack Type: RCE | DoS
Complexity: Moderate
Reliability: Theoretical
Target: Samsung NET-i ware <= 1.37
No auth needed
Prerequisites: Network access to vulnerable services · ActiveX controls enabled in target environment
devstral-2 · analyzed Feb 18, 2026

metasploit · WORKING POC · NORMAL
by Luigi Auriemma, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb

This Metasploit module exploits a buffer overflow vulnerability in the Samsung NET-i Viewer ActiveX control (CNC_Ctrl.dll) via the BackupToAvi method. It leverages a long string in the fname parameter to trigger an integer overflow, leading to remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samsung NET-i Viewer 1.37 (CNC_Ctrl.dll 1.5.1.1)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled in the browser
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/18765
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/53193
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/48966
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/75070

Scores

EPSS: 0.6045
EPSS Percentile: 99.0%

Details

CWE: CWE-119
Status: published
Products (1): samsung/net-i_viewer 1.37.120316
Published: Aug 14, 2012
Tracked Since: Feb 18, 2026