| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability alert 9771
SAP GUI: command execution via wadmxhtml
Synthesis of the vulnerability
| An attacker can use the wadmxhtml.dll ActiveX of SAP GUI, in order to execute code on computers of victims displaying a malicious HTML page. |
Severity: 2/4.
Creation date: 16/07/2010.
|
Impacted products
Description of the vulnerability
The SAP GUI for Windows product installs the wadmxhtml.dll ActiveX, which can be called from user's web browser.
A malicious web page can use the Tags property of wadmxhtml.dll, in order to corrupt the memory.
An attacker can therefore use the wadmxhtml.dll ActiveX of SAP GUI, in order to execute code on computers of victims displaying a malicious HTML page. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: SAP GUI: command execution via wadmxhtml.
Keywords: ActiveX GUI HTML SAP Tags Windows command execution wadmxhtml.
Identifiers: BID-41715, VIGILANCE-VUL-9771.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides an applications vulnerabilities workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.
|
