Sign-up

ID

VAR-201007-0347


TITLE

SAP GUI SAPWADMXHTML ActiveX Control

Trust: 0.6

sources: CNVD: CNVD-2010-1370

DESCRIPTION

The SAP GUI is a graphical user interface client for SAP software. The SAPWADMXHTML ActiveX control has an unspecified error when processing the value of the \"tags\" property, constructing a malicious WEB page to entice user access to destroy heap memory. Successful exploitation of a vulnerability can execute arbitrary instructions in an application security context

Trust: 0.72

sources: CNVD: CNVD-2010-1370 // IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1370

AFFECTED PRODUCTS

vendor:sapmodel:guiscope:eqversion:7.x

Trust: 0.6

vendor:sapmodel:gui sapwadmxhtml activex controlscope:eqversion:7.x

Trust: 0.6

vendor:sapmodel:guiscope:eqversion:7.x*

Trust: 0.2

vendor:sapmodel:guiscope:eqversion:*

Trust: 0.2

vendor:sapwadmxhtmlmodel:activex controlscope:eqversion:7.x

Trust: 0.2

sources: IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1370

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d

TYPE

Access control error

Trust: 0.2

sources: IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d

PATCH

title:SAP GUI SAPWADMXHTML ActiveX control \"tags\" attribute memory corruption patchurl:https://www.cnvd.org.cn/patchinfo/show/659

Trust: 0.6

sources: CNVD: CNVD-2010-1370

EXTERNAL IDS

db:CNVDid:CNVD-2010-1370

Trust: 0.8

db:IVDid:3F49DC30-1FB3-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 3f49dc30-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1370

REFERENCES

url:http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0229.htmlhttp

Trust: 0.6

sources: CNVD: CNVD-2010-1370

SOURCES

db:IVDid:3f49dc30-1fb3-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2010-1370

LAST UPDATE DATE

2022-05-17T01:51:49.346000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-1370date:2010-07-18T00:00:00

SOURCES RELEASE DATE

db:IVDid:3f49dc30-1fb3-11e6-abef-000c29c66e3ddate:2010-07-18T00:00:00
db:CNVDid:CNVD-2010-1370date:2010-07-18T00:00:00