VAR-200906-0453
Vulnerability from variot - Updated: 2022-05-17 02:08SAPgui is the graphical user interface client for SAP software. The SAPIrRfc ActiveX component (sapirrfc.dll, GUID = F6908F83-ADA6-11D0-87AA-00AA00198702) bundled with the SAP GUI does not correctly validate the parameters passed by the user to the Accept function. If the user is tricked into accessing a malicious web page and passing a very long parameter to the function, a buffer overflow may be triggered, causing arbitrary code to be executed on the target system. SAP AG SAPgui is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. SAPgui 6.4 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0453",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gui patch",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": "6.4029"
},
{
"model": "ag sapgui",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "6.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sap",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"db": "BID",
"id": "35256"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Polyakov",
"sources": [
{
"db": "BID",
"id": "35256"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2009-3112",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2009-3112",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAPgui is the graphical user interface client for SAP software. The SAPIrRfc ActiveX component (sapirrfc.dll, GUID = F6908F83-ADA6-11D0-87AA-00AA00198702) bundled with the SAP GUI does not correctly validate the parameters passed by the user to the Accept function. If the user is tricked into accessing a malicious web page and passing a very long parameter to the function, a buffer overflow may be triggered, causing arbitrary code to be executed on the target system. SAP AG SAPgui is prone to a remote buffer-overflow vulnerability. \nAttackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. \nSAPgui 6.4 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"db": "BID",
"id": "35256"
},
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "35256",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2009-3112",
"trust": 0.8
},
{
"db": "IVD",
"id": "A3587D22-1FCB-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"db": "BID",
"id": "35256"
}
]
},
"id": "VAR-200906-0453",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
}
]
},
"last_update_date": "2022-05-17T02:08:32.860000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://marc.info/?l=bugtraq\u0026m=124447130112600\u0026w=2"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.sap.com"
},
{
"trust": 0.3,
"url": "https://service.sap.com/sap/support/notes/1286637"
},
{
"trust": 0.3,
"url": "/archive/1/504141"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"db": "BID",
"id": "35256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"db": "BID",
"id": "35256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-08T00:00:00",
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"date": "2009-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"date": "2009-06-08T00:00:00",
"db": "BID",
"id": "35256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-3112"
},
{
"date": "2009-12-14T23:43:00",
"db": "BID",
"id": "35256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "35256"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a3587d22-1fcb-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2009-3112"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "35256"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…