Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:9FF9D7FD1505E91966F8F9BC5548D7A7
HistoryApr 27, 2015 - 12:00 a.m.

Samsung iPOLiS Device Manager ReadConfigValue vulnerability

2015-04-2700:00:00
SAINT Corporation
download.saintcorporation.com
17

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.2%

JSON

Added: 04/27/2015
CVE: CVE-2015-0555
OSVDB: 118668

Background

Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called **XnsSdkDeviceIpInstaller.ocx**.

Problem

A buffer overflow vulnerability in the **ReadConfigValue** and **WriteConfigValue** methods in the **XnsSdkDeviceIpInstaller.ocx** ActiveX control allows command execution when a user loads a specially crafted web page.

Resolution

There is no known fix for this vulnerability. Remove the ActiveX control or avoid loading pages from untrusted sites.

References

<http://seclists.org/fulldisclosure/2015/Feb/81&gt;

Limitations

Exploit works on Windows XP SP3 with IE 6 and 7, and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Related

cve 1
exploitpack 1
cvelist 1
saint 3
checkpoint_advisories 1
nvd 1
packetstorm 2
zdt 1
openvas 1
prion 1
exploitdb 1
cve
cve
CVE-2015-0555
2015-02-24 15:59:04
exploitpack
exploitpack
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)
2015-02-22 00:00:00
cvelist
cvelist
CVE-2015-0555
2015-02-24 15:00:00
saint
saint
Samsung iPOLiS Device Manager ReadConfigValue vulnerability
2015-04-27 00:00:00
Samsung iPOLiS Device Manager ReadConfigValue vulnerability
2015-04-27 00:00:00
Samsung iPOLiS Device Manager ReadConfigValue vulnerability
2015-04-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Samsung iPOLiS Device Manager WriteConfigValue Stack Buffer Overflow (CVE-2015-0555)
2015-03-29 00:00:00
nvd
nvd
CVE-2015-0555
2015-02-24 15:59:04
packetstorm
packetstorm
Samsung iPOLiS 1.12.2 ReadConfigValue Remote Code Execution
2015-04-15 00:00:00
Samsung iPolis Buffer Overflow
2015-02-21 00:00:00
zdt
zdt
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC
2015-02-23 00:00:00
openvas
openvas
Samsung iPOLiS Device Manager Buffer Overflow Vulnerability
2015-03-20 00:00:00
prion
prion
Buffer overflow
2015-02-24 15:59:00
exploitdb
exploitdb
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)
2015-02-22 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.2%

JSON
Related for SAINT:9FF9D7FD1505E91966F8F9BC5548D7A7
cve1exploitpack1cvelist1saint3checkpoint_advisories1nvd1packetstorm2zdt1openvas1prion1exploitdb1