MarkAny Content SAFER ActiveX Arbitrary Download and Execution

High Nessus Plugin ID 63268


The remote host has software installed that is affected by an arbitrary file write vulnerability.


The remote host has the MarkAny Content SAFER ActiveX control installed, which is distributed with Samsung KIES. It is affected by an arbitrary file write vulnerability that is triggered during the parsing of a method call. This may allow attackers to overwrite or download arbitrary files.


Upgrade to MarkAny Content SAFER version 1.4.2012.508 or later.

See Also

Plugin Details

Severity: High

ID: 63268

File Name: markany_content_safer_activex.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2012/12/14

Modified: 2013/05/23

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:samsung:kies, x-cpe:/a:markany:content_safer

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/06/05

Vulnerability Publication Date: 2012/06/05

Reference Information

CVE: CVE-2012-2990

BID: 55192

OSVDB: 84938

CERT: 663809