In association with heise online

11 August 2006, 14:10

SAP Internet Graphics Service executes malicious code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Internet Graphics Service (IGS) that comes installed and activated by default on SAP's web applications server can be exploited by attackers to break into the system, reports security service provider Cybsec. SAP has subsequently already released updates to close the security holes.

The IGS improperly processes the defective packets from the Net. Attackers can use manipulated packets to cause the service to crash. They could also take control of the entire computer if the service is running under Windows; on Unix machines they are more restricted, but could still take full control of the SAP system. Cybsec reports that it will publish more specific details on the vulnerabilities in three months' time.

IGS versions 6.4 at patch levels below 16 as well as 7.00 at patch level 3 and lower are affected by the flaw. Administrators of SAP web applications servers should acquire and install the updates from SAP as soon as possible through the standard channels.

Please see also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit