CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.111 Low
Percentile: 95.2%
Added: 04/27/2015
CVE: CVE-2015-0555
OSVDB: 118668
Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called **XnsSdkDeviceIpInstaller.ocx**.
A buffer overflow vulnerability in the **ReadConfigValue** and **WriteConfigValue** methods in the **XnsSdkDeviceIpInstaller.ocx** ActiveX control allows command execution when a user loads a specially crafted web page.
There is no known fix for this vulnerability. Remove the ActiveX control or avoid loading pages from untrusted sites.
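An added example, not part of the advisory: a PowerShell audit that finds where the control is registered and reports, or with `-SetKillBit` sets, the Internet Explorer kill bit for it. The kill bit is a standard IE mechanism offered here as an alternative to removing the control; the advisory does not give the control's CLSID, so the script discovers it from the registry by file name.

```powershell
# Added example (not from the advisory): find registrations of the control
# named in the advisory and report or set the Internet Explorer kill bit.
param([switch]$SetKillBit)

$ocxName = 'XnsSdkDeviceIpInstaller.ocx'  # file name taken from the advisory
$killBit = 0x400                          # "Compatibility Flags" bit that stops IE loading a control

# Each pair: where COM classes are registered, and the matching IE compatibility key.
# The Wow6432Node pair covers 32-bit controls on 64-bit Windows.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        # The default value of InprocServer32 holds the path of the DLL/OCX behind the CLSID.
        try { $inproc = $key.OpenSubKey('InprocServer32') } catch { continue }
        if ($null -eq $inproc) { continue }
        $server = [string]$inproc.GetValue('')
        $inproc.Close()
        if ($server -notlike "*$ocxName*") { continue }

        # Read any existing flags so other compatibility bits are preserved.
        $compatKey = Join-Path $view.Compat $key.PSChildName
        $flags = 0
        if (Test-Path -LiteralPath $compatKey) {
            $current = Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($current) { $flags = [int]$current.'Compatibility Flags' }
        }
        $blocked = ($flags -band $killBit) -ne 0

        if ($SetKillBit -and -not $blocked) {   # writing to HKLM requires an elevated session
            if (-not (Test-Path -LiteralPath $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
            New-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -PropertyType DWord `
                -Value ($flags -bor $killBit) -Force | Out-Null
            $blocked = $true
        }
        [pscustomobject]@{ Clsid = $key.PSChildName; Server = $server; KillBitSet = $blocked }
    }
}
```

No output means no registration of the control was found in the machine-wide hives; a row with `KillBitSet = False` marks a host where the control is still loadable in Internet Explorer.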
<http://seclists.org/fulldisclosure/2015/Feb/81>
The exploit works on Windows XP SP3 with IE 6 and 7, and requires a user to load the exploit page in Internet Explorer.
Windows