SZDI e-mails vulnerability disclosure ZDI-CAN-1658 to It contains a vulnerability advisory and a proof of concept. SSamsung Security Team contacts ZDI and provides PGP key for secure communication of the vulnerability information. SSamsung provides ZDI with contact information. SZDI notifies Samsung of the preference that the vulnerability information go through Samsung's central incident response for tracking purposes. SSamsung provides ZDI with PGP and contact information. SZDI requested contact information and PGP keys for secure communication of vulnerability information from Samsung. SSamsung requested vulnerability information from ZDI so they can handle the vulnerability report. SMWR Labs demonstrated an exploit against the Samsung Galaxy S3 running Android 4.0.4 at Mobile Pwn2Own 2012.
#Polaris office 5 galaxy s4 update
Samsung and Infraware have issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the Polaris Viewer application. As such, if it is too large, an overflow will occur into the adjacent buffer.
A tag associated with a VML shape is not properly validated. The specific flaw exists within the parsing of a DOCX file. User interaction is required to exploit this vulnerability in that the target must open a malicious file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Polaris Viewer. August 29th, 2013 (0Day) (Mobile Pwn2Own) Polaris Viewer DOCX VML Shape Tag Remote Code Execution Vulnerability ZDI-13-211