CVE-2012-2990

Published: Aug 24, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.

Affected (1)

Products: Samsung: Kies

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Samsung Kies	Up to 2.3.2.12074

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://www.kb.cert.org/vuls/id/663809

Source: cret@cert.org

PatchUS Government Resource

http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=931

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/663809

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=931

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.