Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAriele Caltabiano (kimiya)ZDI-15-463
HistoryOct 13, 2015 - 12:00 a.m.

(0Day) Samsung SmartViewer STWAxConfigNVR SendCustomPacket Untrusted Pointer Dereference Remote Code Execution Vulnerability

2015-10-1300:00:00
Ariele Caltabiano (kimiya)
www.zerodayinitiative.com
8

EPSS

0.934

Percentile

99.1%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung SmartViewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the STWAxConfigNVR control’s SendCustomPacket method. The control contains an untrusted pointer dereference vulnerability. It dereferences an attacker-supplied memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process.

Related

cvelist 1
prion 1
nvd 1
zdi 1
checkpoint_advisories 2
cve 1
cvelist
cvelist
CVE-2015-8039
2015-11-02 19:00:00
prion
prion
Null pointer dereference
2015-11-02 19:59:00
nvd
nvd
CVE-2015-8039
2015-11-02 19:59:19
zdi
zdi
(0Day) Samsung SmartViewer STWAxConfig DVRSetupSave Untrusted Pointer Dereference Remote Code Execution Vulnerability
2015-10-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Samsung SmartViewer STWAxConfigNVR Memory Corruption (CVE-2015-8039)
2015-11-18 00:00:00
Samsung SmartViewer STWAxConfig Memory Corruption (CVE-2015-8039)
2015-11-18 00:00:00
cve
cve
CVE-2015-8039
2015-11-02 19:59:19

EPSS

0.934

Percentile

99.1%

JSON
Related for ZDI-15-463
cvelist1prion1nvd1zdi1checkpoint_advisories2cve1