Vulnerability Details CVE-2014-3911
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.097
EPSS Ranking 92.6%
CVSS Severity
CVSS v2 Score 9.3
References
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167/
- http://www.zerodayinitiative.com/advisories/ZDI-14-168/
- http://www.zerodayinitiative.com/advisories/ZDI-14-170/
- http://www.zerodayinitiative.com/advisories/ZDI-14-171/
- http://www.zerodayinitiative.com/advisories/ZDI-14-172/
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167/
- http://www.zerodayinitiative.com/advisories/ZDI-14-168/
- http://www.zerodayinitiative.com/advisories/ZDI-14-170/
- http://www.zerodayinitiative.com/advisories/ZDI-14-171/
- http://www.zerodayinitiative.com/advisories/ZDI-14-172/
Products affected by CVE-2014-3911
-
cpe:2.3:a:samsung:ipolis_device_manager:1.8.2