Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and previous versions, and 7.00 and previous versions, allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap internet graphics server 6.40 |
||
sap internet graphics server 7.00_patch_3 |
||
sap internet graphics server 6.40_patch_11 |
||
sap internet graphics server 6.40_patch_15 |