CVE-2015-1495
Motorola Scanner SDK OPOSScale.ocx Open Method Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx.
Múltiples desbordamientos de buffer basado en pila en Motorola Scanner SDK permiten a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada en el método Open en (1) IOPOSScanner.ocx o (2) IOPOSScale.ocx.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Motorola Scanner SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the IOPOSScale Open method which performs an unbounded string copy operation into a fixed-length stack buffer using attacker-supplied input. A remote attacker can leverage this to execute arbitrary code under the context of the browser process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-05 CVE Reserved
- 2015-02-10 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-15-033 | X_refsource_misc | |
http://www.zerodayinitiative.com/advisories/ZDI-15-034 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=87666 | 2015-02-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Motorola Search vendor "Motorola" | Motorola Scanner Sdk Search vendor "Motorola" for product "Motorola Scanner Sdk" | - | - |
Affected
|