EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
Severity: : Critical
CVE Kennungen: : CVE-2008-4830
Advisory Date: 21 de lipca de 2015
DESCRIPTION
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1006148
Trend Micro Deep Security DPI Rule Name: 1006148 - EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability
AFFECTED SOFTWARE AND VERSION:
- sap sap_gui 6.40
- sap sap_gui 7.10