lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20100715161507.2EAA22804E@smtp.hushmail.com>
Date: Thu, 15 Jul 2010 12:15:07 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: SAPGui BI wadmxhtml.dll Tags Property Heap Corruption

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who
- --------
SAP
http://www.sap.com

What
- --------
SAPGui BI component

File:  %PROGRAMFILES%\sap\business explorer\bi\wadmxhtml.dll
Version: 7100.1.400.8
ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller,data
IPersist Safe:  Safe for untrusted: caller,data
KillBitSet: False

How
- --------
Vulnerable Property: Tags

The Tags property can be manipulated to trigger heap corruption
resulting in the execution of arbitrary code.


Fix
- --------

SAP set the kill-bit for this control with Patch 17 for SAPGui.
Alternatively, you can set the kill-bit manually, please see
http://support.microsoft.com/kb/240797.

Credit
- --------
Elazar Broad
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQECAAYFAkw/NAsACgkQi04xwClgpZiFhQP/RfjeHhaBzFZDcwpvkq8eAsE1QclV
8pqzmhDv5xXh8s+hbKYyLqLq8St/3z6reBKoHP0//BVbOSE/1CTRCyiJuKjV0SLP3qdb
vkCzrtg5eoGCKUvEWoqjE6NNysmV/P0j88T/NRBv3jkznINWAl6mf+n/JwKC4KC57wKQ
9n3IjvY=
=yNee
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ