SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow

2009-04-07T00:00:00
ID SAINT:BE7C0CCABE9E8AA48891798E5FB134BF
Type saint
Reporter SAINT Corporation
Modified 2009-04-07T00:00:00

Description

Added: 04/07/2009
CVE: CVE-2007-4475
BID: 34310
OSVDB: 53066

Background

SAPgui for Windows registers the EAI WebViewer3D ActiveX control.

Problem

A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the SaveViewToSessionFile method with a long, specially crafted argument.

Resolution

Upgrade to SAPgui 7.10 Patch Level 9.

References

<http://www.kb.cert.org/vuls/id/985449>

Limitations

Exploit works on SAPgui 7.10 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows