ID
VAR-E-200906-0699
TITLE
SAP AG SAPgui 'sapirrfc.dll' ActiveX Control Buffer Overflow Vulnerability
Trust: 0.3
DESCRIPTION
SAP AG SAPgui is prone to a remote buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
SAPgui 6.4 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sap | model: | ag sapgui | scope: | eq | version: | 6.4 | Trust: 0.3 |
EXPLOIT
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following proof of concept and exploit are available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/35256.html">/data/vulnerabilities/exploits/35256.html</a></li>
<li><a href="/data/vulnerabilities/exploits/35256-2.html">/data/vulnerabilities/exploits/35256-2.html</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
CREDITS
Alexander Polyakov
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 35256 | Trust: 0.3 |
REFERENCES
| url: | http://support.microsoft.com/kb/240797 | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/1286637 | Trust: 0.3 |
| url: | http://www.sap.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 35256 |
LAST UPDATE DATE
2022-07-27T09:28:21.020000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 35256 | date: | 2009-12-14T23:43:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 35256 | date: | 2009-06-08T00:00:00 |