CVE-2012-4341

Multiple stack-based buffer overflows in msgserver.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service crash and execute arbitrary code via a 1 long parameter value, 2 crafted string size field, or 3 long Parameter Name string in a package with opcode 0x43 and sub...

CVE-2013-1593

A Denial of Service vulnerability exists in the WRITEC function in the msgserver.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN...

SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opco...

SAP Netweaver ABAP 'msg_server.exe'远程代码执行漏洞

Bugtraq ID: 54214 SAP NetWeaver是一款SAP业务套件解决方案、SAP xApps组合应用、合作伙伴解决方案以及客户定制应用的技术基础。 SAP NetWeaver处理操作码为0x43的报文存在缺陷。如果sub opcode为0x4的报文包含超长参数值字符串，NetWeaver最后会把\x00字节写入到栈中标记字符串的结尾，而NULL字节的位置以来用户提供的输入，提供超长数值可导致栈破坏，可以以进程上下文执行任意代码。 0 SAP NetWeaver ABAP 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息：...

SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msgserver.exe listening on 3900 by default. When the msgserver parses a message...