SAP SAPgui MDrmSap ActiveX (mdrmsap.dll) Buffer Overflow

The remote host contains the 'MDrmSap' ActiveX control included with SAP GUI version 6.40 for Windows. This control is reportedly affected by a buffer overflow involving instantiation by Internet Explorer. If an attacker can trick a user on the affected host into visiting a specially crafted web...

SAP AG SAPgui mdrmsap.dll ActiveX控件远程代码执行漏洞

BUGTRAQ ID: 32186 CVECAN ID: CVE-2008-4387 SAPgui是SAP软件的图形用户界面客户端。 SAPgui的一个组件提供名为MDrmSap的ActiveX控件（mdrmsap.dll）。该控件没有正确地验证某些用户输入参数，如果用户使用IE打开了恶意HTML文档并试图实例化该控件，就会导致浏览器崩溃或执行任意代码。 SAP Sapgui 临时解决方法： 在IE中禁用MDrmSap ActiveX控件，为以下CLSID设置kill bit： B01952B0-AF66-11D1-B10D-0060086F6D97 或将以下文本保存为.REG文件并导入...

DSquare Exploit Pack: D2SEC_SAPGUI

Name| d2secsapgui ---|--- CVE| CVE-2008-4387 Exploit Pack| D2ExploitPack Description| SAP AG SAPgui mdrmsap.dll ActiveX Stack Overflow Notes|...

CVE-2008-4387

The CVE concerns SAP GUI for Windows (SAPgui) component MDrmSap ActiveX (mdrmsap.dll). A buffer overflow in the ActiveX control, reportedly affected in version 3.5.1.635 (and possibly earlier), can be triggered during instantiation from Internet Explorer, enabling remote code execution with user ...