Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4250

CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.3CRITICAL

EPSS

34.7%

top 2.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Samsung Net-i Viewer

Timeline

PublishedAug 13

Latest updateMay 17

Description

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDsamsung/net-i_viewer1.37

🔴Vulnerability Details

GHSA

GHSA-83xj-wgx6-qphf: Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl↗2022-05-17

▶

CVEList

CVE-2012-4250: Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl↗2012-08-13

▶

💥Exploits & PoCs

Exploit-DB

SAMSUNG NET-i Viewer 1.37 - Overwrite (SEH)↗2012-05-01

▶