Check Point Advisories

Update Protection against SAP GUI SAPBExCommonResources ActiveX Command Execution

Check Point Reference: CPAI-2010-123
Date Published: 23 Apr 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Discoverer advisory
Protection Provided by:
Who is Vulnerable? SAP GUI 7.10 and BI 7.0
Vulnerability Description: A buffer overflow vulnerability has been reported in SAP GUI, the GUI client in SAP's 3-tier architecture of database, application server and client. The vulnerability exists in the SAP GUI SAPBExCommonResources ActiveX control. The vulnerability may allow remote attackers to execute arbitrary commands by convincing a target user to open a maliciously crafted HTML document.
Update/Patch Available: Vendor's advisory
Vulnerability Details: The vulnerability is due to exposing the Execute method in the SAPBExCommonResources control. The method can be leveraged by attackers to execute arbitrary programs on the vulnerable host.

Protection Overview
