Vulnerability CVE-2015-8039


Published: 2015-11-02

Description:
Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Samsung -> Smartviewer 

 References:
http://www.securityfocus.com/bid/77079
http://www.zerodayinitiative.com/advisories/ZDI-15-462
http://www.zerodayinitiative.com/advisories/ZDI-15-463

Copyright 2022, cxsecurity.com

 

Back to Top