CVE-2010-4556

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Business Client
Vendor: CVE Published:; 17 December 2010

Summary

Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-290/

x_refsource_MISC

http://www.vupen.com/english/advisories/2010/3239

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1024890

vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 17, 2010
Vulnerability Reserved
Dec 17, 2010