(0Day) SAP Sybase ESP esp_parse Connection.getFieldNames Remote Code Execution Vulnerability

2014-05-22T00:00:00
ID ZDI-14-154
Type zdi
Reporter AbdulAziz Hariri, HP Zero Day Initiative
Modified 2014-06-22T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.getFieldNames function in esp_server_lib.dll. By sending specific arguments to the Connection.getFieldNames function via XMLRPC, an attacker can trigger a remote code execution condition. An attacker can leverage this vulnerability to execute code under the context of the current process.
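
A defender-side check for the call path the description names, as an added example that is not part of the advisory or of SAP's code: it parses captured XML-RPC request bodies and flags calls to Connection.getFieldNames. The sample bodies, the `Example.ping` method name and the helper names are constructed for illustration; the advisory does not give the argument format, so the check keys on the method name only.

```python
import re
import xml.etree.ElementTree as ET

# Method name taken from the advisory text.
WATCHED_METHOD = "Connection.getFieldNames"

def xmlrpc_method(body: bytes):
    """Return the methodName of an XML-RPC request body, or None if it is not one."""
    # Refuse DTDs before parsing: XML-RPC never needs them, and this keeps
    # entity-expansion input away from the inspecting parser.
    if re.search(rb"<!DOCTYPE|<!ENTITY", body, re.IGNORECASE):
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    name = root.findtext("methodName")  # direct child, per the XML-RPC layout
    return name.strip() if name else None

def classify(body: bytes) -> str:
    """Label a captured request body: 'alert', 'ok' or 'unparsed'."""
    name = xmlrpc_method(body)
    if name is None:
        return "unparsed"  # malformed or DTD-bearing body: review separately
    # Case-insensitive compare is an assumption made to stay conservative;
    # the advisory does not say how the server matches method names.
    return "alert" if name.casefold() == WATCHED_METHOD.casefold() else "ok"

# Constructed request bodies (not captured traffic, argument values are placeholders).
SAMPLES = {
    "watched": b'<?xml version="1.0"?><methodCall><methodName>Connection.getFieldNames'
               b'</methodName><params><param><value><string>placeholder</string>'
               b'</value></param></params></methodCall>',
    "padded": b'<methodCall><methodName>\n  Connection.getFieldNames </methodName></methodCall>',
    "other": b'<methodCall><methodName>Example.ping</methodName><params/></methodCall>',
    "dtd": b'<!DOCTYPE x [<!ENTITY a "b">]><methodCall><methodName>'
           b'Connection.getFieldNames</methodName></methodCall>',
    "garbage": b'not xml at all',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:8} -> {classify(body)}")
```

Bodies labelled `unparsed` are worth their own review queue, since a request the inspector cannot read may still be one the server accepts.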