[ERPSCAN-09-015] SAP GUI 6.4 Buffer Overflow Vulnerability

DSECRG Advisories

Application: EnjoySAP, SAP GUI for Windows
Versions Affected: Version 6.4
Vendor URL: http://sap.com
Bugs: Buffer Overflow
Exploits: YES
Reported: 13.11.2008
Vendor response: 17.11.2008
Date of Public Advisory: 08.06.2009
Author: Alexandr Polyakov

SAP GUI for Windows version 6.4 contains ActiveX component SAPIrRfc which is vulnerable to Buffer overflow attack.

Business Risk
An attacker can send a malicious link to an unaware user using e-mail, messaging or social networks. He also can insert this link into corporate portal. When clicking this link the end user browser will call vulnerable ActiveX component and overflow a stack buffer resulting in arbitrary code execution under the context of the user running the browser. It can be used by attacker to gain full control on victim’s workstation.