PT-2012-4417 · Markany+1 · Markany Contentsafer+1

Stefan Schurtz

Published

2012-08-24

Updated

2012-08-29

CVE-2012-2990

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MarkAny ContentSAFER versions prior to 1.4.2012.508 Samsung KIES versions prior to 2.3.2.12074 13 13

Description The issue allows remote attackers to download and execute an arbitrary program onto a client machine via a crafted HTML document, due to the MASetupCaller ActiveX control not properly implementing unspecified methods.

Recommendations For MarkAny ContentSAFER versions prior to 1.4.2012.508, update to version 1.4.2012.508 or later. For Samsung KIES versions prior to 2.3.2.12074 13 13, update to version 2.3.2.12074 13 13 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2012-2990

Affected Products

Markany Contentsafer

Samsung Kies

PT-2012-4417 · Markany+1 · Markany Contentsafer+1

CVE-2012-2990

Weakness Enumeration

Related Identifiers

Affected Products

References · 3