CVE-2015-8039 - Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the

CVE-2015-8039

Summary

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

References

http://www.securityfocus.com/bid/77079
http://www.zerodayinitiative.com/advisories/ZDI-15-462
http://www.zerodayinitiative.com/advisories/ZDI-15-463

Vulnerable Configurations

cpe:2.3:a:samsung:smartviewer:-:*:*:*:*:*:*:*
cpe:2.3:a:samsung:smartviewer:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-03-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	77079
misc	http://www.zerodayinitiative.com/advisories/ZDI-15-462 http://www.zerodayinitiative.com/advisories/ZDI-15-463

Last major update

16-03-2018 - 01:29

Published

02-11-2015 - 19:59

Last modified

16-03-2018 - 01:29