CVE-2015-8039

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/77079
http://www.zerodayinitiative.com/advisories/ZDI-15-462
http://www.zerodayinitiative.com/advisories/ZDI-15-463
http://www.securityfocus.com/bid/77079
http://www.zerodayinitiative.com/advisories/ZDI-15-462
http://www.zerodayinitiative.com/advisories/ZDI-15-463

Configurations

Configuration 1 (hide)

cpe:2.3:a:samsung:smartviewer:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:37

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/77079 -~~	() http://www.securityfocus.com/bid/77079 -
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-15-462 -~~	() http://www.zerodayinitiative.com/advisories/ZDI-15-462 -
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-15-463 -~~	() http://www.zerodayinitiative.com/advisories/ZDI-15-463 -

Information

Published : 2015-11-02 19:59

Updated : 2024-11-21 02:37

NVD link : CVE-2015-8039

Mitre link : CVE-2015-8039

CVE.ORG link : CVE-2015-8039

JSON object : View

Products Affected

samsung

smartviewer

CWE

NVD-CWE-Other

{"id": "CVE-2015-8039", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-11-02T19:59:19.177", "references": [{"url": "http://www.securityfocus.com/bid/77079", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/77079", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."}, {"lang": "es", "value": "Samsung SmartViewer permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante vectores sin especificar en (1) el m\u00e9todo DVRSetupSave en el control STWAxConfig o (2) el m\u00e9todo SendCustomPacket en el control STWAxConfigNVR, lo que desencadena una desreferencia de puntero no fiable."}], "lastModified": "2024-11-21T02:37:54.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:smartviewer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D3173B-53C9-4A0F-B580-609880B4B386"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "sourceIdentifier": "cve@mitre.org"}