| Name | SAP.SAPgui.EAI.WebViewer3D.ActiveX.Access |
| Last Updated Date | May 15, 2009 |
| Release Date | Apr 03, 2009 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a stack-overflow vulnerability in Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control that is bundled with SAPgui. The vulnerability is due to the ActiveX control's inability to handle overly long arguments passed to the affected method. Remote attackers may exploit this to execute arbitrary code. |
| Affected Products | SAP SAPgui version 7.10 Patch Level 8 and prior |
| Recommended Actions | Upgrade to SAPgui version 7.10 Patch Level 9: https://service.sap.com/sap/support/notes/1153794 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4475 |
| Reference/s | http://www.vupen.com/english/advisories/2009/0892 (FrSIRT), http://www.kb.cert.org/vuls/id/985449 |