This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability.
The specific flaw exists within the ConnectionType.getName function in esp_server_lib.dll. By sending specific arguments to the ConnectionType.getName function via XMLRPC an attacker can trigger a remote code execution condition. An attacker can leverage this vulnerability to execute code under the context of the current process.