Release date:
Updated on:
Affected Systems:
Krcert MarkAny Content SAFER MASetupCaller ActiveX Control
Samsung Kies 2.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-2990
MarkAny ContentSAFER is a DRM and watermark product released with Samsung KIES.
The MarkAny ContentSAFER MASetupCaller ActiveX control provided by MASetupCaller. dll has multiple Insecure Methods. Attackers can download and execute arbitrary code by enticing users to view specially crafted HTML documents.
<* Source: Will Dormann
Link: http://secunia.com/advisories/50405/
Http://www.kb.cert.org/vuls/id/663809
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:
* Disable the vulnerability MarkAny ContentSAFER MASetupCaller ActiveX control in IE.
Vendor patch:
Krcert
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.krcert.or.kr/kor/data/