Digital Security Research Group [DSecRG] Advisory #DSECRG-09-064
Application: SAP GUI
Versions Affected: SAP GUI (SAP GUI 7.1)
Vendor URL: http://SAP.com
Bugs: Insecure method. Code Execution.
Exploits: YES
Reported: 16.10.2009
Vendor response: 27.10.2009
Date of Public Advisory: 23.03.2010
Author: Alexey Sintsov
from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
An insecure method was found in the SAPBExCommonResources (class BExGlobal) ActiveX control component, which is
a part of SAP GUI.
Details
Details can be found at http://dsecrg.com/pages/vul/show.php?id=164
Fix Information
All patches have been available since December via note 1407285
References
http://dsecrg.com/pages/vul/show.php?id=164
https://service.sap.com/sap/support/notes/1407285
About
Digital Security is a leading IT security company in Russia, providing information security consulting,
audit and penetration testing services, risk analysis and ISMS-related services and certification for
ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and
database security problems with vulnerability reports, advisories and whitepapers posted regularly on our
website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
Polyakov Alexandr. PCI QSA.
Head of security audit department
Head of Digital Security Research Group
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: [email protected]
www.dsec.ru
www.dsecrg.com
www.pcidss.ru