Heap-based Buffer Overflow in EnjoySAP SAP GUI ActiveX Control
CVE-2007-3606

Currently unrated

Key Information:

Vendor

SAP
Status
EnjoySAP
Vendor
CVE Published:
6 July 2007

What is CVE-2007-3606?

A heap-based buffer overflow vulnerability exists in the ActiveX control 'rfcguisink.rfcguisink.1' used by EnjoySAP SAP GUI. This vulnerability permits remote attackers to execute arbitrary code by sending a specially crafted long argument to the LaunchGui function. Users of the ASCII versions of the SAP GUI are particularly at risk, as exploiting this flaw could lead to unauthorized access and control over the affected system.

References

http://www.securityfocus.com/bid/24777
vdb-entryx_refsource_BID
http://osvdb.org/37689
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/24776
vdb-entryx_refsource_BID

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.