Description
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
References (7)
Core 7
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-170/
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-168/
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-167/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67822
Patch x_refsource_misc
http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-172/
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-171/
Scores
EPSS
0.0838
EPSS Percentile
92.4%
Details
CWE
CWE-94
Status
published
Products (1)
samsung/ipolis_device_manager
< 1.8.2
Published
Jun 11, 2014
Tracked Since
Feb 18, 2026