EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
Severity: CRITICAL
CVE Identifier: CVE-2008-4830
Advisory Date: JUL 21, 2015
DESCRIPTION
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1006148
Trend Micro Deep Security DPI Rule Name: 1006148 - EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
AFFECTED SOFTWARE AND VERSION
- sap sap_gui 6.40
- sap sap_gui 7.10