EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability

2015年7月21日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 緊急

CVE識別番号: CVE-2008-4830

概要

Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1006148

Trend Micro Deep Security DPI Rule Name: 1006148 - EnjoySAP SAP GUI ActiveX Control Arbitrary File Download Vulnerability

影響を受けるソフトウェア

sap sap_gui 6.40
sap sap_gui 7.10