CVE-2012-6429

Samsung Kies < 2.5.0.12114_1 - Remote Code Execution via SyncService.dll PrepareSync Password Argument


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6429. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary: This is a VBScript-based proof-of-concept exploit for a remote buffer overflow vulnerability in Samsung Kies. It triggers the vulnerability by passing an overly long string to the 'PrepareSync' method of a specific ActiveX object.

Description

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge · html · remote · windows
https://www.exploit-db.com/exploits/38206

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: Samsung Kies v2.5.0.12114_1
No auth needed
Prerequisites: Victim must open the malicious HTML file in a browser with ActiveX enabled
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81160
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0036.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57249
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/89118

Scores

EPSS 0.1535
EPSS Percentile 96.3%

Details

CWE CWE-119
Status published
Products (1)
samsung/kies < 2.5.0.12114_1
Published Apr 04, 2014
Tracked Since Feb 18, 2026