CVE-2011-5154

Multiple untrusted search path vulnerabilities in 1 SAPGui.exe and 2 BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these...

SAP GUI DLL Loading Arbitrary Code Execution (Note 1511179)

The remote host is running a version of SAP GUI that reportedly insecurely looks in its current working directory when resolving DLLs such as 'MFC80LOC.DLL' and 'MFC80RUS.DLL'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72211; scriptversion"1.4";...

CVE-2011-5154

The CVE-2011-5154 entry covers SAP GUI 6.4–7.2 with two vulnerable executables (SAPGui.exe and BExAnalyzer.exe). The issue is an untrusted search path that allows privilege escalation via a Trojan horse MFC80LOC.DLL in the current working directory, demonstrated by a directory containing a .sap f...

CVE-2011-5154

Multiple untrusted search path vulnerabilities in 1 SAPGui.exe and 2 BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these...