CVE-2015-0555

Name of the Vulnerable Software and Affected Versions Samsung iPOLiS Device Manager version 1.12.2

Description The issue is related to a buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control. This allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.

Recommendations For Samsung iPOLiS Device Manager version 1.12.2, as a temporary workaround, consider disabling the ReadConfigValue and WriteConfigValue functions until a patch is available. Restrict access to the XnsSdkDeviceIpInstaller.ocx ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.