Vulnerability Details CVE-2014-3911
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.114
EPSS Ranking 93.2%
CVSS Severity
CVSS v2 Score 9.3
References
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167/
- http://www.zerodayinitiative.com/advisories/ZDI-14-168/
- http://www.zerodayinitiative.com/advisories/ZDI-14-170/
- http://www.zerodayinitiative.com/advisories/ZDI-14-171/
- http://www.zerodayinitiative.com/advisories/ZDI-14-172/
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20Manager_v1.8.7_setup_Full.zip
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167/
- http://www.zerodayinitiative.com/advisories/ZDI-14-168/
- http://www.zerodayinitiative.com/advisories/ZDI-14-170/
- http://www.zerodayinitiative.com/advisories/ZDI-14-171/
- http://www.zerodayinitiative.com/advisories/ZDI-14-172/
Products affected by CVE-2014-3911
-
cpe:2.3:a:samsung:ipolis_device_manager:1.8.2