[ERPSCAN-11-014] SAP GUI (SAPGUI) — DLL hijacking

DSECRG Advisories

Application: SAP GUI
Versions Affected: 6.4 — 7.2
Vendor URL: http://www.sap.com
Bugs: DLL hijacking
Exploits: YES
Reported: 24.08.2010
Vendor response: 26.08.2010
Date of Public Advisory: 09.03.2011
Author: Alexey Sintsov, Alexandr Polyakov

SAP Front End applications (SAPGui.exe) are vulnerable to DLL hijacking attacks. It makes possible to remote code execution.

Business Risk
Attacker can put malicious file on shared folder or internet site and send user a link to SAP shortcut. When victim try to open shortcuts in this folder SAP Frontend application will execute malicious code on the victim workstation giving attacker a full access to workstation.