11 matches found
CVE-2012-3809
Samsung Kies before 2.5.0.12094_27_11 is affected by multiple vulnerabilities linked to its ActiveX and firmware update components. CVE-2012-3809 (Arbitrary Directory Modification) arises from a flaw in CmdAgentLib within CmdAgent.dll (Samsung Kies External\FirmwareUpdate) that allows modificatio...
CVE-2012-3806
CVE-2012-3806 concerns Samsung Kies prior to 2.5.0.12094_27_11, with a NULL pointer dereference vulnerability that could allow remote attackers to cause a denial of service. The vulnerability is associated with the Samsung Kies ActiveX components as well as the desktop client’s handling of certai...
CVE-2012-3807
Samsung Kies before 2.5.0.12094_27_11 is affected by CVE-2012-3807 (and related CVEs) with arbitrary file execution via vulnerable components (notably ActiveX controls and related DLLs). Public sources indicate multiple vulnerabilities in Samsung Kies ActiveX/DCAPARAGONGM.dll and CmdAgent.dll, en...
CVE-2012-3808
CVE-2012-3808 concerns Samsung Kies. The connected docs confirm a vulnerability class of Arbitrary File Modification in Kies versions prior to 2.5.0.12094_27_11, caused by insecure operations in the CmdAgentLib/CmdAgent dlls (ICommandAgent interface) used by Kies’ firmware update component. The a...
CVE-2012-3810
CVE-2012-3810 pertains to Samsung Kies before 2.5.0.12094_27_11, with multiple vulnerabilities arising from the CmdAgentLib and related ActiveX components. The attached documents describe: (1) CVE-2012-3810 — Arbitrary Registry Modification via CmdAgentLib, enabling manipulation of registry keys/...
CVE-2022-30744
CVE-2022-30744 is a DLL hijacking vulnerability in KiesWrapper of Samsung Kies prior to 2.6.4.22043_1. The issue allows a local attacker to execute arbitrary code by loading a DLL without an absolute path, with impact described as arbitrary code execution and requiring local access. Affected comp...
CVE-2022-27843
The CVE-2022-27843 entry describes a DLL hijacking vulnerability in Samsung Kies prior to version 2.6.4.22014_2, which could allow an attacker to execute arbitrary code. Affected product: Kies (Samsung Kies desktop software); affected component: the DLL handling path resolution leading to hijack....
CVE-2022-39845
CVE-2022-39845 concerns Samsung Kies prior to 2.6.4.22074, where an improper validation of the integrity check enables a local attacker to delete arbitrary directories via a directory junction. The entry is corroborated across multiple sources (NVD entry details, Red Hat advisory, CVE records) in...
CVE-2012-2990
The CVE-2012-2990 entry concerns the MarkAny ContentSAFER MASetupCaller ActiveX control (MASetupCaller.dll) bundled with Samsung KIES. The vulnerability affects versions prior to 1.4.2012.508 and is triggered by certain method calls in the ActiveX, allowing a remote attacker to download and execu...
CVE-2012-6429
CVE-2012-6429 is a buffer overflow in the PrepareSync() method of the SyncService.dll ActiveX control in Samsung Kies prior to version 2.5.1.12123_2_7 . The vulnerability arises from insufficient input sanitisation, allowing a remote attacker to supply a crafted long value to the password paramet...
CVE-2015-8780
The CVE-2015-8780 entry concerns Samsung wssyncmlnps before 2015-10-31, where Kies restore contains a directory traversal flaw (ZipFury). The vulnerability exists in Samsung wssyncmlnps Kies restore prior to the given date and could allow an attacker to write arbitrary files. Connected CNVD entry...