EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
Data de publicação: 21 julho 2015
Schweregrad: : Crítico
Identificador(es) CVE: : CVE-2008-4830
Data do informe: 21 julho 2015
Descrição
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1006148
Trend Micro Deep Security DPI Rule Name: 1006148 - EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
Software infectado e versão:
- sap sap_gui 6.40
- sap sap_gui 7.10