CVE-2007-4475

Published: 01/04/2009 Updated: 29/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui prior to 7.10 Patch Level 9 allows remote malicious users to execute arbitrary code via a long argument to the SaveViewToSessionFile method.

Vulnerable Product

sap sapgui 4.6a

sap sapgui 4.6c

sap sapgui 4.6d

sap sapgui 4.6

sap sapgui 4.6b

sap sapgui

sap sapgui 6.40

Exploits

##
# $Id: sapgui_saveviewtosessionfile.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/ ...

source: www.securityfocus.com/bid/34319/info. SAP MaxDB is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the ...