Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-4830
Last Modified: 28 Apr 2009 01:34:02
Published: 16 Apr 2009 11:12:57
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-4830

Summary

Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.

Vulnerable Systems

Application

  • SAP GUI 6.40
  • SAP GUI 7.10

References

VUPEN - ADV-2009-1043

SECTRACK - 1022062

BID - 34524

BUGTRAQ - 20090415 Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method

MISC - http://secunia.com/secunia_research/2008-56/

SECUNIA - 32869


Last Updated: 27 May 2016 10:48:38