Lucene search
Andrea Micalizzi (rgod)ZDI-14-401HistoryDec 04, 2014 - 12:00 a.m.
Samsung SmartViewer CNC_Ctrl ActiveX Control BackupToAvi Remote Code Execution Vulnerability
2014-12-0400:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
9
0.598 Medium
EPSS
Percentile
97.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the BackupToAvi method. The issue lies in the failure to validate the size of the input buffer before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
cve
cve
CVE-2014-9265
2014-12-08 16:59:06
prion
prion
Stack overflow
2014-12-08 16:59:00
zdt
zdt
Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution Exploit
2015-01-20 00:00:00
packetstorm
packetstorm
Samsung SmartViewer BackupToAvi 3.0 Remote Code Execution
2015-01-19 00:00:00
cvelist
cvelist
CVE-2014-9265
2014-12-08 16:00:00
exploitpack
exploitpack
Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
2015-01-19 00:00:00
nvd
nvd
CVE-2014-9265
2014-12-08 16:59:06
exploitdb
exploitdb
Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
2015-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories