Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
CPE | Name | Operator | Version |
---|---|---|---|
ipolis_device_manager | le | 1.8.2 |
update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
www.securityfocus.com/bid/67822
www.zerodayinitiative.com/advisories/ZDI-14-167/
www.zerodayinitiative.com/advisories/ZDI-14-168/
www.zerodayinitiative.com/advisories/ZDI-14-170/
www.zerodayinitiative.com/advisories/ZDI-14-171/
www.zerodayinitiative.com/advisories/ZDI-14-172/