22 matches found
EUVD-2007-3592
Malware in sbrugna...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow
No description provided by source. $Id: enjoysapguipreparetoposthtml.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...
EnjoySAP 6.4, 7.1 - File Overwrite
No description provided by source...
EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow PoC
No description provided by source. !-- ======= Summary ======= Name: EnjoySAP, SAP GUI for Windows - Stack Overflow Release Date: 5 July 2007 Reference: NGS00483 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-289 Systems Affected: All Versions Risk: High Statu...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow (CVE-2007-3605)
A file execution vulnerability has been reported in EnjoySAP SAP GUI. The vulnerability is due to a boundary error in EnjoySAP while handling a certain method. A remote attacker may exploit this vulnerability by enticing an unsuspecting user to open a malicious link. Successful exploitation of th...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'EnjoySAP SAP...
EnjoySAP SAP GUI ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control kwedit.dll 6400.1.1.41 provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML" method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
NGS-enjoysap-stack.txt
======= Summary ======= Name: EnjoySAP, SAP GUI for Windows - Stack Overflow Release Date: 5 July 2007 Reference: NGS00483 Discover: Mark Litchfield Vendor: SAP Vendor Reference: SECRES-289 Systems Affected: All Versions Risk: High Status: Fixed ======== TimeLine ======== Discovered: 4 January 20...
Code injection
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service process crash via unspecified vectors...
CVE-2007-3607
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service process crash via unspecified vectors...
Heap overflow
Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function...
Code injection
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors...
CVE-2007-3608
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors...
CVE-2007-3607
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service process crash via unspecified vectors...
CVE-2007-3606
CVE-2007-3606 affects EnjoySAP SAP GUI’s rfcguisink.rfcguisink.1 ActiveX control on ASCII versions. The vulnerability is a heap-based buffer overflow triggered by a long first argument to the LaunchGui function, allowing remote code execution. Connected sources confirm the heap overflow in this A...
CVE-2007-3607
Technical details of CVE-2007-3607 are not publicly provided in the supplied documents. Only a generic description of unspecified ActiveX control vulnerabilities affecting EnjoySAP SAP GUI is available; monitor for official updates.
CVE-2007-3605
CVE-2007-3605 is a stack-based buffer overflow in SAP GUI’s EnjoySAP KWEdit ActiveX (kwedit.dll) that allows remote code execution via a too-long argument to PrepareToPostHTML. Public references mention kwedit.dll (version 6400.1.1.41 in the Metasploit module) and an exploit presence (Exploit-DB ...
CVE-2007-3608
CVE-2007-3608 concerns vulnerable ActiveX controls in the EnjoySAP SAP GUI. The available records indicate multiple unspecified vulnerabilities that enable remote attackers to create certain files via unspecified vectors. The description does not specify affected product versions, root cause deta...
EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow (PoC)
Vendor: SAP Vendor Reference: SECRES-289 Systems Affected: All Versions Risk: High Status: Fixed ======== TimeLine ======== Discovered: 4 January 2007 Released: 19 January 2007 Approved: 29 January 2007 Reported: 11 January 2007 Fixed: 18 May 2007 Published: =========== Description ===========...
EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow (PoC)
EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow PoC Vendor: SAP Vendor Reference: SECRES-289 Systems Affected: All Versions Risk: High Status: Fixed ======== TimeLine ======== Discovered: 4 January 2007 Released: 19 January 2007 Approved: 29 January 2007 Reported: 11 January 2007...