Sign-up

ID

VAR-201502-0128


CVE

CVE-2015-0555


TITLE

Samsung iPOLiS Device Manager of XnsSdkDeviceIpInstaller.ocx ActiveX Control buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001586

DESCRIPTION

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. Samsung iPOLiS Device Manager is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2015-0555 // JVNDB: JVNDB-2015-001586 // BID: 74877 // VULMON: CVE-2015-0555

AFFECTED PRODUCTS

vendor:samsungmodel:ipolis device managerscope:eqversion:1.12.2

Trust: 2.7

sources: BID: 74877 // JVNDB: JVNDB-2015-001586 // CNNVD: CNNVD-201502-359 // NVD: CVE-2015-0555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0555
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0555
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201502-359
value: MEDIUM

Trust: 0.6

VULMON: CVE-2015-0555
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0555
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2015-0555 // JVNDB: JVNDB-2015-001586 // CNNVD: CNNVD-201502-359 // NVD: CVE-2015-0555

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2015-001586 // NVD: CVE-2015-0555

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-359

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201502-359

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001586

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2015-0555

PATCH
title:iPOLiS Device Manager v1.16url:https://www.samsung-security.com/Tools/device-manager.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001586

EXTERNAL IDS
db:NVDid:CVE-2015-0555
Trust: 2.8
db:PACKETSTORMid:131421
Trust: 1.1
db:JVNDBid:JVNDB-2015-001586
Trust: 0.8
db:CNNVDid:CNNVD-201502-359
Trust: 0.6
db:BIDid:74877
Trust: 0.3
db:EXPLOIT-DBid:36756
Trust: 0.1
db:VULMONid:CVE-2015-0555
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-0555 // 
            
            
            
            BID: 74877 // 
            
            
            
            JVNDB: JVNDB-2015-001586 // 
            
            
            
            CNNVD: CNNVD-201502-359 // 
            
            
            
            NVD: CVE-2015-0555

REFERENCES
url:http://seclists.org/fulldisclosure/2015/feb/81
Trust: 2.8
url:http://packetstormsecurity.com/files/131421/samsung-ipolis-1.12.2-readconfigvalue-remote-code-execution.html
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0555
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0555
Trust: 0.8
url:https://www.samsung-security.com/tools/device-manager.aspx
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://www.exploit-db.com/exploits/36756/
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-0555 // 
            
            
            
            BID: 74877 // 
            
            
            
            JVNDB: JVNDB-2015-001586 // 
            
            
            
            CNNVD: CNNVD-201502-359 // 
            
            
            
            NVD: CVE-2015-0555

CREDITS
Praveen Darshanam
Trust: 0.3
sources:
            
            
            BID: 74877

SOURCES
db:VULMONid:CVE-2015-0555
db:BIDid:74877
db:JVNDBid:JVNDB-2015-001586
db:CNNVDid:CNNVD-201502-359
db:NVDid:CVE-2015-0555

LAST UPDATE DATE
2025-04-12T23:35:07.544000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2015-0555date:2016-04-01T00:00:00
db:BIDid:74877date:2015-05-28T00:00:00
db:JVNDBid:JVNDB-2015-001586date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-359date:2015-02-26T00:00:00
db:NVDid:CVE-2015-0555date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULMONid:CVE-2015-0555date:2015-02-24T00:00:00
db:BIDid:74877date:2015-05-28T00:00:00
db:JVNDBid:JVNDB-2015-001586date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-359date:2015-02-26T00:00:00
db:NVDid:CVE-2015-0555date:2015-02-24T15:59:04.660