Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4333

CWE-119Buffer Overflow5 documents4 sources
Severity
10.0CRITICAL
EPSS
69.4%
top 1.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Samsung Net-i Viewer
Timeline
PublishedAug 14
Latest updateMay 17

Description

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsamsung/net-i_viewer1.37.120316

🔴Vulnerability Details

2
GHSA
GHSA-w48m-gwjw-75cg: Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 12022-05-17
CVEList
CVE-2012-4333: Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 12012-08-14

💥Exploits & PoCs

2
Exploit-DB
Samsung NET-i viewer - Multiple ActiveX 'BackupToAvi()' Remote Overflows (Metasploit)2012-06-08
Exploit-DB
Samsung NET-i ware 1.37 - Multiple Vulnerabilities2012-04-22
CVE-2012-4333 (CRITICAL CVSS 10) | Multiple stack-based buffer overflo | cvebase.io