HTTP: Samsung SmartViewer Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX controls in Samsung SmartViewer. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.

Affected Products

Samsung smartviewer

References

CVE: CVE-2015-8039

Short Name
HTTP:STC:ACTIVEX:SAMSUNG-VIEWER
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2015-8039 Control Samsung SmartViewer Unsafe
Release Date
01/12/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Samsung

CVSS Score

6.8

Found a potential security threat?