| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Jul 2010 12:15:07 -0400 From: "Elazar Broad" <elazar@...hmail.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: SAPGui BI wadmxhtml.dll Tags Property Heap Corruption -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who - -------- SAP http://www.sap.com What - -------- SAPGui BI component File: %PROGRAMFILES%\sap\business explorer\bi\wadmxhtml.dll Version: 7100.1.400.8 ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB RegKey Safe for Script: False RegKey Safe for Init: False Implements IObjectSafety: True IDisp Safe: Safe for untrusted: caller,data IPersist Safe: Safe for untrusted: caller,data KillBitSet: False How - -------- Vulnerable Property: Tags The Tags property can be manipulated to trigger heap corruption resulting in the execution of arbitrary code. Fix - -------- SAP set the kill-bit for this control with Patch 17 for SAPGui. Alternatively, you can set the kill-bit manually, please see http://support.microsoft.com/kb/240797. Credit - -------- Elazar Broad -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQECAAYFAkw/NAsACgkQi04xwClgpZiFhQP/RfjeHhaBzFZDcwpvkq8eAsE1QclV 8pqzmhDv5xXh8s+hbKYyLqLq8St/3z6reBKoHP0//BVbOSE/1CTRCyiJuKjV0SLP3qdb vkCzrtg5eoGCKUvEWoqjE6NNysmV/P0j88T/NRBv3jkznINWAl6mf+n/JwKC4KC57wKQ 9n3IjvY= =yNee -----END PGP SIGNATURE-----
Powered by blists - more mailing lists