Vulnerability Description
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samsung | Ipolis Device Manager | <= 1.8.2 |
Related Weaknesses (CWE)
References
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20MPatch
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167/
- http://www.zerodayinitiative.com/advisories/ZDI-14-168/
- http://www.zerodayinitiative.com/advisories/ZDI-14-170/
- http://www.zerodayinitiative.com/advisories/ZDI-14-171/
- http://www.zerodayinitiative.com/advisories/ZDI-14-172/
- http://update.websamsung.net/Tools/iPOLiS%20Device%20Manager/iPOLiS%20Device%20MPatch
- http://www.securityfocus.com/bid/67822
- http://www.zerodayinitiative.com/advisories/ZDI-14-167/
- http://www.zerodayinitiative.com/advisories/ZDI-14-168/
- http://www.zerodayinitiative.com/advisories/ZDI-14-170/
- http://www.zerodayinitiative.com/advisories/ZDI-14-171/
- http://www.zerodayinitiative.com/advisories/ZDI-14-172/
FAQ
What is CVE-2014-3911?
CVE-2014-3911 is a vulnerability with a CVSS score of 9.3 (HIGH). Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvan...
How severe is CVE-2014-3911?
CVE-2014-3911 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3911?
Check the references section above for vendor advisories and patch information. Affected products include: Samsung Ipolis Device Manager.