Details of VAR-200906-0453

ID

VAR-200906-0453

TITLE

SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: a3587d22-1fcb-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-3112

DESCRIPTION

SAPgui is the graphical user interface client for SAP software. The SAPIrRfc ActiveX component (sapirrfc.dll, GUID = F6908F83-ADA6-11D0-87AA-00AA00198702) bundled with the SAP GUI does not correctly validate the parameters passed by the user to the Accept function. If the user is tricked into accessing a malicious web page and passing a very long parameter to the function, a buffer overflow may be triggered, causing arbitrary code to be executed on the target system. SAP AG SAPgui is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. SAPgui 6.4 is vulnerable; other versions may also be affected

Trust: 0.99

sources: CNVD: CNVD-2009-3112 // BID: 35256 // IVD: a3587d22-1fcb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a3587d22-1fcb-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-3112

AFFECTED PRODUCTS

vendor:	sap	model:	gui patch	scope:	eq	version:	6.4029	Trust: 0.8
vendor:	sap	model:	ag sapgui	scope:	eq	version:	6.4	Trust: 0.3
vendor:	sap	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: a3587d22-1fcb-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-3112 // BID: 35256

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2009-3112
value:	HIGH
Trust: 0.6
IVD:	a3587d22-1fcb-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2009-3112
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a3587d22-1fcb-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a3587d22-1fcb-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-3112

THREAT TYPE

network

Trust: 0.3

sources: BID: 35256

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 35256

EXTERNAL IDS

db:	BID	id:	35256	Trust: 0.9
db:	CNVD	id:	CNVD-2009-3112	Trust: 0.8
db:	IVD	id:	A3587D22-1FCB-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: a3587d22-1fcb-11e6-abef-000c29c66e3d // CNVD: CNVD-2009-3112 // BID: 35256

REFERENCES

url:	http://marc.info/?l=bugtraq&m=124447130112600&w=2	Trust: 0.6
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.sap.com	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/1286637	Trust: 0.3
url:	/archive/1/504141	Trust: 0.3

sources: CNVD: CNVD-2009-3112 // BID: 35256

CREDITS

Alexander Polyakov

Trust: 0.3

sources: BID: 35256

SOURCES

db:	IVD	id:	a3587d22-1fcb-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2009-3112
db:	BID	id:	35256

LAST UPDATE DATE

2022-05-17T02:08:32.860000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2009-3112	date:	2009-06-08T00:00:00
db:	BID	id:	35256	date:	2009-12-14T23:43:00

SOURCES RELEASE DATE

db:	IVD	id:	a3587d22-1fcb-11e6-abef-000c29c66e3d	date:	2009-06-08T00:00:00
db:	CNVD	id:	CNVD-2009-3112	date:	2009-06-08T00:00:00
db:	BID	id:	35256	date:	2009-06-08T00:00:00