CVE-2014-3911

Published Jun 11, 2014

Last updated 10 years ago

Overview

Description: Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samsung:ipolis_device_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D65183CA-DC95-4BBE-A516-BD9401CF8B14",
            "versionEndIncluding": "1.8.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References