The Vigil@nce team describes computer vulnerabilities impacting your systems and offers solutions to correct them.
vulnerability alert 9771
SAP GUI: command execution via wadmxhtml
Synthesis of the vulnerability
An attacker can use the wadmxhtml.dll ActiveX control of SAP GUI to execute code on the computers of victims who display a malicious HTML page.
Severity: 2/4.
Creation date: 16/07/2010.
Description of the vulnerability
The SAP GUI for Windows product installs the wadmxhtml.dll ActiveX control, which can be called from the user's web browser.
A malicious web page can use the Tags property of wadmxhtml.dll to corrupt memory.
An attacker can therefore use the wadmxhtml.dll ActiveX control of SAP GUI to execute code on the computers of victims who display a malicious HTML page.
Complete Vigil@nce bulletin
Characteristics
Title: SAP GUI: command execution via wadmxhtml.
Keywords: ActiveX GUI HTML SAP Tags Windows command execution wadmxhtml.
Identifiers: BID-41715, VIGILANCE-VUL-9771.
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.