Samsung NET-i ware Multiple Remote Vulnerabilities

Bugtraq ID:	53193
Class:	Unknown
CVE:	CVE-2012-4333 CVE-2012-4334 CVE-2012-4335
Remote:	Yes
Local:	No
Published:	Apr 23 2012 12:00AM
Updated:	Aug 16 2012 01:30PM
Credit:	Luigi Auriemma
Vulnerable:	Samsung NET-i ware 1.37 Samsung NET-i viewer 1.37
Not Vulnerable:

Samsung NET-i ware Multiple Remote Vulnerabilities

Samsung NET-i ware is prone to multiple denial-of-service and remote code-execution issues.

Attackers could exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer) or cause a denial -of-service condition.

Samsung NET-i ware 1.37 and prior are vulnerable; other versions may also be affected.

Samsung NET-i ware Multiple Remote Vulnerabilities

The researcher who found the issues has created proof-of-concept files. Please see the references for information.

The following exploit code is available:

• /data/vulnerabilities/exploits/53193.rb

Samsung NET-i ware Multiple Remote Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Samsung NET-i ware Multiple Remote Vulnerabilities

References:

• Samsung NET-i viewer (Samsung)
  
• Samsung NET-i ware (Samsung)
  
• Samsung NET-i ware <= 1.37 Multiple Vulnerabilities (Luigi Auriemma)