
[ERPSCAN-09-044] SAP GUI 7.1 WebViewer3D ActiveX — Insecure Methods

DSECRG Advisories

Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1
Versions Affected: Tested on 7100.2.7.1038 PL 7
Vendor URL:
Bugs: Insecure method, File overwriting
Exploits: YES
Reported: 02.07.2009
Vendor response: 02.07.2009
Date of Public Advisory: 28.09.2009
Author: Alexandr Polyakov

SAP GUI for Windows 7.1 and 6.4 ship the ActiveX component EAI WebViewer3D (file WebViewer3D.dll, library GUID {AFBBE070-7340-11d2-AA6B-00E02924C34E}), which exposes insecure methods that can overwrite any file on the system.

Business Risk
An attacker can send a malicious link to an unaware user via e-mail, instant messaging or social networks, or embed it in a corporate portal. When the user clicks the link, the browser instantiates the vulnerable ActiveX component, which can delete any file on the victim's workstation. Deleting configuration files of critical binaries can cause a denial of service and halt business until the files are restored. This scenario is critical if the user works with SAP for Logistics or SAP for Banking applications.
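As an added defensive check, not part of the advisory and not ERPSCAN's or SAP's code: the PowerShell script below enumerates the COM classes that WebViewer3D.dll registers on a workstation and reports whether Internet Explorer's kill bit is set for each, which is the standard way to stop a browser from instantiating a vulnerable control until a vendor fix is deployed. It assumes normal COM registration under HKCR\CLSID; the kill-bit key and the 0x400 flag are documented Internet Explorer behaviour.

```powershell
# Added example (not from the advisory): inventory ActiveX classes served by
# WebViewer3D.dll and check the IE kill bit for each. Run elevated to apply.
$DllName     = 'WebViewer3D.dll'
$KillBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBit     = 0x400      # documented "Compatibility Flags" kill-bit value
$Apply       = $false     # set to $true to write the kill bit where missing

function Get-WebViewer3DControls {
    # Walk HKCR\CLSID and keep entries whose in-process server is the DLL
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" `
                        -ErrorAction SilentlyContinue).'(default)'
            if ($server -and ($server -like "*\$DllName")) {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
}

function Test-KillBit {
    param([string]$Clsid)
    $flags = (Get-ItemProperty -Path (Join-Path $KillBitRoot $Clsid) `
                -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return [bool]($flags -band $KillBit)
}

function Set-KillBit {
    param([string]$Clsid)
    # Create the per-CLSID key if needed and OR in the kill-bit flag
    $key = Join-Path $KillBitRoot $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ([int]$current -bor $KillBit) -Force | Out-Null
}

foreach ($ctl in Get-WebViewer3DControls) {
    $set = Test-KillBit $ctl.Clsid
    if (-not $set -and $Apply) { Set-KillBit $ctl.Clsid; $set = Test-KillBit $ctl.Clsid }
    $status = if ($set) { 'kill bit SET' } else { 'kill bit MISSING' }
    '{0}  {1}  {2}' -f $ctl.Clsid, $status, $ctl.Server
}
```

On 64-bit Windows the 32-bit control's registration lives under the WOW6432Node hives, so run the script from a 32-bit PowerShell as well to cover that view.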