In association with heise online

12 January 2009, 10:07

Vulnerability in the SAP GUI

According to a Secunia advisory, a faulty ActiveX control shipped with the SAP GUI can allow an attacker to take control of a system. The cause is a boundary error that a remote attacker can exploit to trigger a heap overflow, typically through a crafted web page that instantiates the control in Internet Explorer. The error occurs when tab captions are copied inside the TabOne ActiveX control, for example when multiple tabs are added with the AddTab method.

The vulnerable versions are SAP GUI 6.40 Patch 29 and SAP GUI 7.10 with version 7.0.0.16 of the control (sizerone.ocx), but other versions may also be affected. The fix is to upgrade to SAP GUI 7.10PL, which sets the kill bit for the ActiveX control so that Internet Explorer will no longer load it. Users can also set the kill bit manually by following instructions available to registered SAP users (the link requires a user name and password).
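For administrators who cannot reach SAP's instructions, the following PowerShell script is an added example (it is not from the article, Secunia or SAP) that reports whether the kill bit is set for the TabOne control and can set it. Because the article does not give the control's CLSID, the script assumes the control can be located by scanning HKCR\CLSID for an InprocServer32 entry that points at sizerone.ocx; the kill-bit mechanism itself (bit 0x400 in "Compatibility Flags" under the Internet Explorer ActiveX Compatibility key) is the documented Microsoft one.

```powershell
# Added example, not SAP's or the article's code. Run from an elevated PowerShell.
# Reports every CLSID backed by sizerone.ocx, the file version of that OCX and
# whether the IE kill bit is set; -Set writes the kill bit for any that lack it.
[CmdletBinding()]
param(
    [string]$OcxName = 'sizerone.ocx',  # control file named in the advisory
    [switch]$Set                        # write the kill bit instead of only reporting
)

# Kill-bit flag documented by Microsoft: bit 0x400 in "Compatibility Flags".
$KillBit = 0x400

# Assumption: the control is found via its InprocServer32 path, not a known CLSID.
# 32-bit controls on 64-bit Windows register under Wow6432Node, and 32-bit IE
# reads the Wow6432Node compatibility key, so both views are scanned.
$views = @(
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)
$pattern = [regex]::Escape($OcxName) + '"?\s*$'   # path may be quoted

$results = foreach ($view in $views) {
    foreach ($key in Get-ChildItem $view.Clsid -ErrorAction SilentlyContinue) {
        $srv = Get-ItemProperty -Path "Registry::$($key.Name)\InprocServer32" -ErrorAction SilentlyContinue
        if (-not $srv -or -not ($srv.'(default)' -match $pattern)) { continue }

        $file = [Environment]::ExpandEnvironmentVariables($srv.'(default)'.Trim('"'))
        $ver  = if (Test-Path $file) { (Get-Item $file).VersionInfo.FileVersion } else { 'file not found' }

        # Read the existing flags so other compatibility bits are preserved.
        $compatKey = Join-Path $view.Compat $key.PSChildName
        $flags = 0
        if (Test-Path $compatKey) {
            $val = (Get-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($null -ne $val) { $flags = [int]$val }
        }
        $killed = ($flags -band $KillBit) -ne 0

        if ($Set -and -not $killed) {
            if (-not (Test-Path $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
            Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -Value ($flags -bor $KillBit) -Type DWord
            $killed = $true
        }

        [pscustomobject]@{
            Clsid       = $key.PSChildName
            File        = $file
            FileVersion = $ver
            KillBitSet  = $killed
            CompatKey   = $compatKey
        }
    }
}

if (-not $results) {
    Write-Warning "No CLSID with an InprocServer32 pointing at $OcxName was found."
} else {
    $results | Format-Table -AutoSize
}
```

Run it once without -Set to see which CLSIDs are registered and whether the file version matches the affected 7.0.0.16 build, then with -Set to kill-bit them. The kill bit only stops Internet Explorer (and other hosts that honour the ActiveX Compatibility key) from loading the control; it does not remove or fix the OCX, so the SAP GUI itself keeps working and the upgrade SAP recommends is still the proper fix.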

(djwm)
