CVE-2014-3911 Information

Description

Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start (2) ChangeControlLocalName (3) DeleteDeviceProfile (4) FrameAdvanceReader or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.

Reference

http://update.websamsung.net/Tools/iPOLiS20Device20Manager/iPOLiS20Device20Manager_v1.8.7_setup_Full.zip http://www.securityfocus.com/bid/67822 http://www.zerodayinitiative.com/advisories/ZDI-14-167/ http://www.zerodayinitiative.com/advisories/ZDI-14-168/ http://www.zerodayinitiative.com/advisories/ZDI-14-170/ http://www.zerodayinitiative.com/advisories/ZDI-14-171/ http://www.zerodayinitiative.com/advisories/ZDI-14-172/