The MarkAny ContentSAFER MASetupCaller ActiveX control fails to restrict access to dangerous methods, which can allow a remote unauthenticated attacker to download and execute arbitrary code on a vulnerable system.
MarkAny ContentSAFER is a DRM and watermarking product that is distributed with Samsung KIES. The MarkAny ContentSAFER MASetupCaller ActiveX control, which is provided by MASetupCaller.dll, contains several unsafe methods.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to download and execute arbitrary code.
Apply an update
This issue is addressed with Samsung KIES 126.96.36.19974_13_13, which comes with version 1.4.2012.508 of the MarkAny ContentSAFER MASetupCaller ActiveX control.
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2012-08-23|
|Date Last Updated:||2012-08-23 20:25 UTC|