Executive Summary

Summary
Title MarkAny ContentSAFER MASetupCaller ActiveX control arbitrary download and execution
Informations
Name VU#663809 First vendor Publication 2012-08-23
Vendor VU-CERT Last vendor Modification 2012-08-23
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#663809

MarkAny ContentSAFER MASetupCaller ActiveX control arbitrary download and execution

Original Release date: 23 Aug 2012 | Last revised: 23 Aug 2012

Overview

The MarkAny ContentSAFER MASetupCaller ActiveX control fails to restrict access to dangerous methods, which can allow a remote unauthenticated attacker to download and execute arbitrary code on a vulnerable system.

Description

MarkAny ContentSAFER is a DRM and watermarking product that is distributed with Samsung KIES. The MarkAny ContentSAFER MASetupCaller ActiveX control, which is provided by MASetupCaller.dll, contains several unsafe methods.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to download and execute arbitrary code.

Solution

Apply an update

This issue is addressed with Samsung KIES 2.3.2.12074_13_13, which comes with version 1.4.2012.508 of the MarkAny ContentSAFER MASetupCaller ActiveX control.


Disable the MarkAny ContentSAFER MASetupCaller ActiveX control in Internet Explorer

The vulnerable MarkAny ContentSAFER MASetupCaller ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:

    {99806ADD-C5EF-4632-A3D0-3E778B051F94}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99806ADD-C5EF-4632-A3D0-3E778B051F94}]
    "Compatibility Flags"=dword:00000400
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99806ADD-C5EF-4632-A3D0-3E778B051F94}]
    "Compatibility Flags"=dword:00000400

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
SamsungAffected03 May 201223 Aug 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.7E:H/RL:OF/RC:C
Environmental8.7CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://www.markany.com/en/?page_id=2117
  • http://www.samsung.com/us/kies/
  • http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=931

Credit

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

  • CVE IDs:CVE-2012-2990
  • Date Public:05 Jun 2012
  • Date First Published:23 Aug 2012
  • Date Last Updated:23 Aug 2012
  • Document Revision:12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/663809

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Nessus® Vulnerability Scanner

Date Description
2012-12-14 Name : The remote host has software installed that is affected by an arbitrary file ...
File : markany_content_safer_activex.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:08:05
  • Multiple Updates