CVE-2012-4333

This Metasploit module exploits a buffer overflow in Samsung NET-i viewer's CNC_Ctrl.dll ActiveX control via a long string in the BackupToAvi method, leading to remote code execution.

This is a technical writeup by Luigi Auriemma detailing three vulnerabilities in Samsung NET-i ware, including an endless loop in remote services, code execution in the ConnectDDNS ActiveX, and a stack overflow in the BackupToAvi ActiveX. The writeup provides assembly-level analysis and references external PoC tools.

This Metasploit module exploits a buffer overflow vulnerability in the Samsung NET-i Viewer ActiveX control (CNC_Ctrl.dll) via the BackupToAvi method. It leverages a long string in the fname parameter to trigger an integer overflow, leading to remote code execution.