SAINT Corporation, SAINT:52D04D116E353FDEFF3E2508EB55C015
Apr 27, 2015 - 12:00 a.m.

Samsung iPOLiS Device Manager ReadConfigValue vulnerability

download.saintcorporation.com
EPSS: 0.111 Low, Percentile: 95.2%

Added: 04/27/2015
CVE: CVE-2015-0555
OSVDB: 118668

Background

Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called **XnsSdkDeviceIpInstaller.ocx**.

Problem

A buffer overflow vulnerability in the **ReadConfigValue** and **WriteConfigValue** methods in the **XnsSdkDeviceIpInstaller.ocx** ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

There is no known fix for this vulnerability. Remove the ActiveX control or avoid loading pages from untrusted sites.

References

<http://seclists.org/fulldisclosure/2015/Feb/81>

Limitations

Exploit works on Windows XP SP3 with IE 6 and 7, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
