EnjoySAP SAP GUI ActiveX Control Arbitrary File Download (CVE-2008-4830)
| Check Point Reference: | CPAI-2011-480 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: 32869 | |
| Industry Reference(s): | CVE-2008-4830 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? SAP GUI 6.40 Patch 29 including KWEDIT.DLL version 6400.1.1.41 SAP GUI 7.10 Patch 5 including KWEDIT.DLL version 7100.1.1.43 | ||
| Vulnerability Description An arbitrary file download vulnerability has been reported in EnjoySAP, a GUI for SAP. |
||
|
Vulnerability Details The vulnerability is due to an input validation error while processing a certain method. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted HTML page. Successful exploitation would allow an attacker to download arbitrary files from the target user's system. |
Protection Overview
This protection will detect and block the transferring of malicious HTML files over HTTP.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.