PT-2012-5278 · Samsung · Samsung Net-I Viewer
Blake · Published 2012-08-13 · Updated 2017-08-29
CVE-2012-4250
| CVSS v2.0 | 9.3 (High) |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Samsung NET-i viewer version 1.37
Description
A stack-based buffer overflow in the RequestScreenOptimization function of the XProcessControl.ocx ActiveX control in msls31.dll allows remote attackers to execute arbitrary code by supplying a long string as the first argument.
Recommendations
For Samsung NET-i viewer version 1.37, consider disabling the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control until a patch is available. Restrict access to the msls31.dll module to minimize the risk of exploitation. Avoid using long strings in the first argument of the affected function to prevent potential code execution.
Exploit
Fix
Buffer Overflow
Affected Products
Samsung Net-I Viewer
Xprocesscontrol.Ocx
Msls31.Dll