(0Day) SAP Sybase ESP esp_parse ConnectionType.getName Remote Code Execution Vulnerability

2014-05-22T00:00:00
ID ZDI-14-144
Type zdi
Reporter WanderingGlitch, HP Zero Day Initiative
Modified 2014-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability.

The specific flaw exists within the ConnectionType.getName function in esp_server_lib.dll. By sending specific arguments to the ConnectionType.getName function via XMLRPC an attacker can trigger a remote code execution condition. An attacker can leverage this vulnerability to execute code under the context of the current process.