Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert 9771

SAP GUI: command execution via wadmxhtml

Synthesis of the vulnerability

An attacker can use the wadmxhtml.dll ActiveX of SAP GUI, in order to execute code on computers of victims displaying a malicious HTML page.
Severity: 2/4.
Creation date: 16/07/2010.

Impacted products

Description of the vulnerability

The SAP GUI for Windows product installs the wadmxhtml.dll ActiveX, which can be called from user's web browser.

A malicious web page can use the Tags property of wadmxhtml.dll, in order to corrupt the memory.

An attacker can therefore use the wadmxhtml.dll ActiveX of SAP GUI, in order to execute code on computers of victims displaying a malicious HTML page.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

SAP GUI: command execution via wadmxhtml

Characteristics

Title: SAP GUI: command execution via wadmxhtml.
Keywords: ActiveX GUI HTML SAP Tags Windows command execution wadmxhtml.
Identifiers: BID-41715, VIGILANCE-VUL-9771.

Information sources

Publications and announces

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

Vigil@nce provides an applications vulnerabilities workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française