[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20100715161507.2EAA22804E@smtp.hushmail.com>
Date: Thu, 15 Jul 2010 12:15:07 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: SAPGui BI wadmxhtml.dll Tags Property Heap Corruption
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Who
- --------
SAP
http://www.sap.com
What
- --------
SAPGui BI component
File: %PROGRAMFILES%\sap\business explorer\bi\wadmxhtml.dll
Version: 7100.1.400.8
ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
KillBitSet: False
How
- --------
Vulnerable Property: Tags
The Tags property can be manipulated to trigger heap corruption
resulting in the execution of arbitrary code.
Fix
- --------
SAP set the kill-bit for this control with Patch 17 for SAPGui.
Alternatively, you can set the kill-bit manually, please see
http://support.microsoft.com/kb/240797.
Credit
- --------
Elazar Broad
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify
wpwEAQECAAYFAkw/NAsACgkQi04xwClgpZiFhQP/RfjeHhaBzFZDcwpvkq8eAsE1QclV
8pqzmhDv5xXh8s+hbKYyLqLq8St/3z6reBKoHP0//BVbOSE/1CTRCyiJuKjV0SLP3qdb
vkCzrtg5eoGCKUvEWoqjE6NNysmV/P0j88T/NRBv3jkznINWAl6mf+n/JwKC4KC57wKQ
9n3IjvY=
=yNee
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists