CVE-2014-3912

Name of the Vulnerable Software and Affected Versions Samsung iPOLiS Device Manager versions prior to 1.8.7

Description The issue is related to a stack-based buffer overflow in the FindConfigChildeKeyList method of the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. This allows remote attackers to execute arbitrary code via a long value. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.8.7, update to version 1.8.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control until the update is applied.