In association with heise online

12 January 2009, 09:07

Vulnerability in the SAP GUI

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to a Secunia advisory, a faulty ActiveX control in the SAP GUI can allow for an attacker to take control of a system. The cause of the problem is a boundary error that can be exploited by a remote user to cause a heap overflow. The error occurs when copying tab captions within the TabOne ActiveX control, such as adding multiple tabs with the AddTab method.

The vulnerable versions are SAP GUI 6.40 Patch 29 and SAP GUI 7.10 with versions of the control ([code]sizerone.ocx]), but other versions may be affected. The fix is to upgrade to SAP GUI version 7.10PL, which sets the kill bit for the ActiveX control. Users can also set the kill bit manually using instructions available to registered SAP users (link requires user name and password).

See Also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit