Details of VAR-E-201103-0599

ID

VAR-E-201103-0599

CVE

cve_id:

CVE-2011-5154

Trust: 0.3

sources: BID: 46857

TITLE

SAP GUI DLL Loading Arbitrary Code Execution Vulnerability

Trust: 0.3

sources: BID: 46857

DESCRIPTION

SAP GUI is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
SAP GUI versions 6.4 through 7.2 are vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 46857

AFFECTED PRODUCTS

vendor:	sap	model:	gui for windows patch level	scope:	eq	version:	7.006	Trust: 0.3
vendor:	sap	model:	gui for windows patch level	scope:	eq	version:	6.4030	Trust: 0.3
vendor:	sap	model:	gui	scope:	eq	version:	7.2	Trust: 0.3
vendor:	sap	model:	gui pl	scope:	eq	version:	7.10	Trust: 0.3
vendor:	sap	model:	gui	scope:	eq	version:	7.10	Trust: 0.3
vendor:	sap	model:	gui	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sap	model:	gui patch	scope:	eq	version:	6.4029	Trust: 0.3
vendor:	sap	model:	gui	scope:	eq	version:	6.4	Trust: 0.3
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	7.109	Trust: 0.3
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	7.108	Trust: 0.3
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	7.105	Trust: 0.3
vendor:	sap	model:	ag sapgui patch level	scope:	eq	version:	6.4029	Trust: 0.3
vendor:	sap	model:	ag sapgui	scope:	eq	version:	6.4	Trust: 0.3
vendor:	sap	model:	ag sapgui	scope:	eq	version:	0	Trust: 0.3

sources: BID: 46857

EXPLOIT

A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.

Trust: 0.3

sources: BID: 46857

PRICE

Free

Trust: 0.3

sources: BID: 46857

TYPE

Design Error

Trust: 0.3

sources: BID: 46857

CREDITS

Digital Security Research Group

Trust: 0.3

sources: BID: 46857

EXTERNAL IDS

db:	NVD	id:	CVE-2011-5154	Trust: 0.3
db:	BID	id:	46857	Trust: 0.3

sources: BID: 46857

REFERENCES

url:	http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx	Trust: 0.3
url:	https://www.sdn.sap.com/irj/sdn/sap-gui	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/1511179	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=314	Trust: 0.3
url:	http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html	Trust: 0.3
url:	http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx	Trust: 0.3
url:	http://blog.rapid7.com/?p=5325	Trust: 0.3
url:	http://www.microsoft.com/technet/security/advisory/2269637.mspx	Trust: 0.3

sources: BID: 46857

SOURCES

db:

BID

id:

46857

LAST UPDATE DATE

2022-07-27T09:12:32.617000+00:00

SOURCES UPDATE DATE

db:

BID

id:

46857

date:

2012-09-06T22:40:00

SOURCES RELEASE DATE

db:

BID

id:

46857

date:

2011-03-14T00:00:00