EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Crítico
Identificadores de CVE : CVE-2008-4830
Fecha recomendada: 21 de julio de 2015
Descripción
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1006148
Trend Micro Deep Security DPI Rule Name: 1006148 - EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
Software y versión afectados
- sap sap_gui 6.40
- sap sap_gui 7.10