search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

MarkAny ContentSAFER MASetupCaller ActiveX control arbitrary download and execution

Vulnerability Note VU#663809

Original Release Date: 2012-08-23 | Last Revised: 2012-08-23

Overview

The MarkAny ContentSAFER MASetupCaller ActiveX control fails to restrict access to dangerous methods, which can allow a remote unauthenticated attacker to download and execute arbitrary code on a vulnerable system.

Description

MarkAny ContentSAFER is a DRM and watermarking product that is distributed with Samsung KIES. The MarkAny ContentSAFER MASetupCaller ActiveX control, which is provided by MASetupCaller.dll, contains several unsafe methods.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to download and execute arbitrary code.

Solution

Apply an update

This issue is addressed with Samsung KIES 2.3.2.12074_13_13, which comes with version 1.4.2012.508 of the MarkAny ContentSAFER MASetupCaller ActiveX control.


Disable the MarkAny ContentSAFER MASetupCaller ActiveX control in Internet Explorer

The vulnerable MarkAny ContentSAFER MASetupCaller ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:

{99806ADD-C5EF-4632-A3D0-3E778B051F94}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99806ADD-C5EF-4632-A3D0-3E778B051F94}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99806ADD-C5EF-4632-A3D0-3E778B051F94}]
"Compatibility Flags"=dword:00000400

Vendor Information

663809
 
Expand all

Samsung Affected

Notified:  May 03, 2012 Updated: August 23, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Addendum

This issue is addressed with Samsung KIES 2.3.2.12074_13_13.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 8.7 E:H/RL:OF/RC:C
Environmental 8.7 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2012-2990
Date Public: 2012-06-05
Date First Published: 2012-08-23
Date Last Updated: 2012-08-23 20:25 UTC
Document Revision: 14

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis