MarkAny Content SAFER ActiveX Arbitrary Download and Execution

high Nessus Plugin ID 63268

Synopsis

The remote host has software installed that is affected by an arbitrary file write vulnerability.

Description

The remote host has the MarkAny Content SAFER ActiveX control installed, which is distributed with Samsung KIES. It is affected by an arbitrary file write vulnerability that is triggered during the parsing of a method call. This may allow attackers to overwrite or download arbitrary files.

Solution

Upgrade to MarkAny Content SAFER version 1.4.2012.508 or later.

See Also

http://www.markany.com/en/?p=2307

Plugin Details

Severity: High

ID: 63268

File Name: markany_content_safer_activex.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 12/14/2012

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/a:markany:content_safer, cpe:/a:samsung:kies

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 6/5/2012

Vulnerability Publication Date: 6/5/2012

Reference Information

CVE: CVE-2012-2990

BID: 55192

CERT: 663809