SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow

Added: 04/07/2009
CVE: CVE-2007-4475
BID: 34310
OSVDB: 53066

Background

SAPgui for Windows registers the EAI WebViewer3D ActiveX control.

Problem

A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the SaveViewToSessionFile method with a long, specially crafted argument.

Resolution

Upgrade to SAPgui 7.10 Patch Level 9.

References

http://www.kb.cert.org/vuls/id/985449

Limitations

Exploit works on SAPgui 7.10 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows

Back to exploit index