{"api_version":"1","generated_at":"2026-04-20T03:17:54+00:00","cve":"CVE-2015-8039","urls":{"html":"https://cve.report/CVE-2015-8039","api":"https://cve.report/api/cve/CVE-2015-8039.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-8039","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-8039"},"summary":{"title":"CVE-2015-8039","description":"Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2015-11-02 19:59:00","updated_at":"2018-03-16 01:29:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/77079","name":"77079","refsource":"BID","tags":[],"title":"Samsung SmartViewer CVE-2015-8039 Multiple Remote Code Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-15-463","name":"http://www.zerodayinitiative.com/advisories/ZDI-15-463","refsource":"MISC","tags":[],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-15-462","name":"http://www.zerodayinitiative.com/advisories/ZDI-15-462","refsource":"MISC","tags":[],"title":"Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-8039","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8039","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"8039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samsung","cpe5":"smartviewer","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8039","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samsung","cpe5":"smartviewer","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-8039","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"77079","refsource":"BID","url":"http://www.securityfocus.com/bid/77079"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-15-463","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-15-463"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-15-462","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-15-462"}]}},"nvd":{"publishedDate":"2015-11-02 19:59:00","lastModifiedDate":"2018-03-16 01:29:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samsung:smartviewer:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"8039","Ordinal":"85055","Title":"CVE-2015-8039","CVE":"CVE-2015-8039","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"8039","Ordinal":"1","NoteData":"Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"8039","Ordinal":"2","NoteData":"2015-11-02","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"8039","Ordinal":"3","NoteData":"2018-03-15","Type":"Other","Title":"Modified"}]}}}