Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0555

CWE-119 — Buffer Overflow | 5 documents | 4 sources
Severity: 6.8 MEDIUM
EPSS: 24.9% (top 3.84%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline
Published: Feb 24
Latest update: May 17

Description

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 1 package

🔓 Vulnerability Details (2)

GHSA: GHSA-w6fq-mgc2-38mc: Buffer overflow in the XnsSdkDeviceIpInstaller (2022-05-17)
CVEList: CVE-2015-0555: Buffer overflow in the XnsSdkDeviceIpInstaller (2015-02-24)

💥 Exploits & PoCs (2)

Exploit-DB: Samsung iPOLiS - ReadConfigValue Remote Code Execution (2015-04-14)
Exploit-DB: Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC) (2015-02-22)
CVE-2015-0555 (MEDIUM CVSS 6.8) | Buffer overflow in the XnsSdkDevice | cvebase.io