
CVSS: 7.5 | EPSS: 81% | CPEs: 1 | EXPL: 0

Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Motorola Scanner SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IOPOSScale Open method, which performs an unbounded string copy operation into a fixed-length stack buffer using attacker-supplied input. A remote attacker can leverage this to execute arbitrary code under the context of the browser process.

• http://www.zerodayinitiative.com/advisories/ZDI-15-033
• http://www.zerodayinitiative.com/advisories/ZDI-15-034
• https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=87666
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the file permissions (ACLs) on an installed directory. ScannerService.exe is vulnerable to tampering by all users.

• http://www.zerodayinitiative.com/advisories/ZDI-15-035
• http://www.zerodayinitiative.com/advisories/ZDI-15-036
• http://www.zerodayinitiative.com/advisories/ZDI-15-037
• https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=87666
• CWE-264: Permissions, Privileges, and Access Controls