Software Engineering Institute

MarkAny ContentSAFER is a DRM and watermarking product that is distributed with Samsung KIES. The MarkAny ContentSAFER MASetupCaller ActiveX control, which is provided by MASetupCaller.dll, contains several unsafe methods.

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to download and execute arbitrary code.

Apply an update

This issue is addressed with Samsung KIES 2.3.2.12074_13_13, which comes with version 1.4.2012.508 of the MarkAny ContentSAFER MASetupCaller ActiveX control.

Disable the MarkAny ContentSAFER MASetupCaller ActiveX control in Internet Explorer

The vulnerable MarkAny ContentSAFER MASetupCaller ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:

{99806ADD-C5EF-4632-A3D0-3E778B051F94}
More information about how to set the kill bit is available in Microsoft Support Document 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for this control:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99806ADD-C5EF-4632-A3D0-3E778B051F94}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99806ADD-C5EF-4632-A3D0-3E778B051F94}]
"Compatibility Flags"=dword:00000400