CVE-2015-0555

Samsung Ipolis Device Manager - Memory Corruption

Title source: rule

Description

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.

Exploits (2)

exploitdb WORKING POC

by Praveen Darshanam · htmlremotewindows

https://www.exploit-db.com/exploits/36756

View Code ZIP pw:eip

exploitdb WORKING POC

by Praveen Darshanam · htmldoswindows

https://www.exploit-db.com/exploits/36152

View Code ZIP pw:eip

References (2)

[Exploit] http://packetstormsecurity.com/files/131421/Samsung-iPOLiS-1.12.2-ReadConfigValue-Remote-Code-Execution.html

[Exploit] http://seclists.org/fulldisclosure/2015/Feb/81

Scores

EPSS 0.2486

EPSS Percentile 96.2%

Details

CWE

CWE-119

Status published

Products (1)

samsung/ipolis_device_manager 1.12.2

Published Feb 24, 2015

Tracked Since Feb 18, 2026