vendor:
a:samsung:kies
by:
HIGH
[EAX] instruction
CVSS
as EAX is previously zeroed by an unexpected NULL value in the memory region pointed by ECX."
NULL Pointer Dereference
High-Tech Bridge Security Research Lab
CWE
Product Name: a:samsung:kies
Affected Version From: Fixed by Vendor
Affected Version To: YES
Patch Exists: 476
Related CWE: 2012
CPE: 2.3.2.12054_20
Metasploit:
None
Other Scripts:
https://www.exploit-db.com/raw/22007
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Samsung Electronics
7,5
Null Pointer Dereference in Samsung Kies
The vulnerability exists due to a null pointer dereference error in the GetDataTable() method within the Samsung.DeviceService.DCA.DeviceDataParagonATGM.1 ActiveX control (DCAPARAGONGM.dll, GUID {7650BC47-036D-4D5B-95B4-9D622C8D00A4}, located by default in "C:\Program Files (x86)\Samsung\Kies\External\DeviceModules"). A remote attacker can pass a "tagDATATABLE_SUID" argument equal to 0 to the GetDataTable() method and raise an ACCESS_VIOLATION exception on a MOV EDX,[EAX] instruction, as EAX is previously zeroed by an unexpected NULL value in the memory region pointed to by ECX.
Mitigation:
CVE-2012-3806