Added: 04/27/2015
CVE: CVE-2015-0555
OSVDB: 118668
Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called **XnsSdkDeviceIpInstaller.ocx**.
A buffer overflow vulnerability in the **ReadConfigValue** and **WriteConfigValue** methods in the **XnsSdkDeviceIpInstaller.ocx** ActiveX control allows command execution when a user loads a specially crafted web page.
There is no known fix for this vulnerability. Remove the ActiveX control or avoid loading pages from untrusted sites.
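One way to act on this on a Windows host, as an added example that is not part of the original advisory: the script finds machine-wide COM registrations whose in-process server is **XnsSdkDeviceIpInstaller.ocx**, prints the unregister command for each, and with `-Apply` sets the Internet Explorer kill bit for the discovered CLSID. The kill bit is a standard IE mechanism that the advisory does not mention; the CLSID is read from the registry because the advisory does not list it, and the `-Apply` switch is this example's own parameter.

```powershell
# Added example: audit (default) or kill-bit (-Apply) registrations of the control.
# Run from an elevated prompt. Only machine-wide (HKLM) registrations are scanned.
param([switch]$Apply)

$ocxName = 'XnsSdkDeviceIpInstaller.ocx'   # file name taken from the advisory
$killBit = 0x400                           # IE "Compatibility Flags" kill-bit value

# Native and 32-bit-on-64-bit views: COM class root and matching IE compatibility root.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path $view.Clsid)) { continue }
    foreach ($key in Get-ChildItem $view.Clsid -ErrorAction SilentlyContinue) {
        # Skip classes without an in-process server or that cannot be opened.
        try { $sub = $key.OpenSubKey('InprocServer32') } catch { continue }
        if ($null -eq $sub) { continue }
        $server = [string]$sub.GetValue('')   # default value = path of the server DLL/OCX
        $sub.Close()
        if ($server -notlike "*$ocxName*") { continue }

        $clsid     = $key.PSChildName
        $compatKey = Join-Path $view.Compat $clsid
        $flags     = 0
        if (Test-Path $compatKey) {
            # A missing value yields $null, which casts to 0.
            $flags = [int](Get-ItemProperty -Path $compatKey).'Compatibility Flags'
        }
        $blocked = ($flags -band $killBit) -ne 0
        Write-Output "Found $clsid -> $server (kill bit set: $blocked)"
        Write-Output "  To remove the control: regsvr32 /u `"$server`""

        if ($Apply -and -not $blocked) {
            if (-not (Test-Path $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
            Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' `
                -Value ($flags -bor $killBit) -Type DWord
            Write-Output "  Kill bit set under $compatKey"
        }
    }
}
```

Per-user registrations under HKCU are not covered by this scan and would need the same check against the user hive.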
<http://seclists.org/fulldisclosure/2015/Feb/81>
Exploit works on Windows XP SP3 with IE 6 and 7, and requires a user to load the exploit page in Internet Explorer.
Windows