Vulnerability in the SAP GUI
According to a Secunia advisory, a faulty ActiveX control shipped with the SAP GUI can allow an attacker to take control of a user's system. The cause is a boundary error that a remote attacker can exploit to trigger a heap-based buffer overflow, for example by luring the user to a malicious web page that instantiates the control. The error occurs when copying tab captions within the TabOne ActiveX control, such as adding multiple tabs with the
The vulnerable versions are SAP GUI 6.40 Patch 29 and SAP GUI 7.10 with version 22.214.171.124 of the control (sizerone.ocx), but other versions may also be affected. The fix is to upgrade to SAP GUI version 7.10PL, which sets the kill bit for the ActiveX control so that Internet Explorer refuses to instantiate it. Users can also set the kill bit manually by following SAP's instructions, which are available only to registered SAP users (the link requires a user name and password). Note that the kill bit only blocks the control from being loaded by Internet Explorer and other hosts that honour it; the vulnerable code itself remains on disk until the SAP GUI is upgraded.
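The following PowerShell is an added example of how a kill bit is checked and set; it is not code from the Secunia advisory or from SAP. The kill bit mechanism itself is Microsoft's: a DWORD named "Compatibility Flags" with bit 0x400 set under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} (and, for 32-bit Internet Explorer on 64-bit Windows, the same key under Wow6432Node). The CLSID in the script is a placeholder; the real CLSID of the TabOne control must be taken from SAP's instructions or read out of the control's registration, and the function and variable names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: inspect and set the Internet Explorer kill bit for an ActiveX control.
# $Clsid is a PLACEHOLDER (assumption); substitute the CLSID of the TabOne control
# from sizerone.ocx as given in SAP's instructions.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # FLAG_KILL_BIT in "Compatibility Flags"

# Both hives matter on 64-bit Windows: 64-bit IE reads the first, 32-bit IE the second.
$CompatKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility"
)

function Get-ActiveXInfo {
    param([Parameter(Mandatory)][string]$Clsid)
    # Which DLL/OCX the CLSID resolves to, if the control is registered at all.
    $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32" `
                               -ErrorAction SilentlyContinue
    foreach ($base in $CompatKeys) {
        $compat = Get-ItemProperty -Path "$base\$Clsid" -ErrorAction SilentlyContinue
        $flags  = [int]$compat.'Compatibility Flags'   # $null casts to 0
        [pscustomobject]@{
            Clsid      = $Clsid
            Module     = $server.'(default)'
            CompatKey  = $base
            Flags      = ('0x{0:X}' -f $flags)
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($base in $CompatKeys) {
        $path = "$base\$Clsid"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        $existing = [int](Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).'Compatibility Flags'
        # OR the bit in so any other compatibility flags already present are preserved.
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value ($existing -bor $KillBit) -Type DWord
    }
}

# Usage: show the state before, set the kill bit, and verify afterwards.
Get-ActiveXInfo -Clsid $Clsid | Format-Table -AutoSize
Set-ActiveXKillBit -Clsid $Clsid
Get-ActiveXInfo -Clsid $Clsid | Format-Table -AutoSize
```

The verification step matters: the Wow6432Node path is the one a 32-bit Internet Explorer consults on 64-bit Windows, so a kill bit written only under the native key leaves that browser unprotected. A controlled test with the control embedded in a local HTML page should fail to instantiate it once KillBitSet reports True for the relevant hive.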
- SAP GUI TabOne ActiveX Control Caption List Buffer Overflow, Secunia advisory