Stack-Based Buffer Overflow in SAP AG SAPgui Prior to Patch Level 9
CVE-2007-4475

Currently unrated

Key Information:

Vendor: SAP
Status: SAPgui
Vendor: CVE Published:; 1 April 2009

Summary

The EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG's SAPgui prior to patch level 9 is susceptible to a stack-based buffer overflow. This vulnerability allows remote attackers to execute arbitrary code by supplying excessively long arguments to the SaveViewToSessionFile method. This flaw poses significant security risks, enabling unauthorized actions on affected systems and necessitating prompt patch management to mitigate potential exploits.

References

http://www.securityfocus.com/bid/34310

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2009/0892

vdb-entryx_refsource_VUPEN

http://www.kb.cert.org/vuls/id/985449

third-party-advisoryx_refsource_CERT-VN

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 1, 2009
Vulnerability Reserved
Aug 22, 2007