CVE-2015-8039

{"id": "CVE-2015-8039", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-11-02T19:59:19.177", "references": [{"url": "http://www.securityfocus.com/bid/77079", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-462", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-463", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference."}, {"lang": "es", "value": "Samsung SmartViewer permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante vectores sin especificar en (1) el m\u00e9todo DVRSetupSave en el control STWAxConfig o (2) el m\u00e9todo SendCustomPacket en el control STWAxConfigNVR, lo que desencadena una desreferencia de puntero no fiable."}], "lastModified": "2018-03-16T01:29:00.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samsung:smartviewer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D3173B-53C9-4A0F-B580-609880B4B386"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "sourceIdentifier": "cve@mitre.org"}