Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote malicious users to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap netweaver abap 7.0 |
||
sap netweaver abap 7.02 |
||
sap netweaver abap 7.03 |