Stack-Based Buffer Overflow in SAP NetWeaver Business Client ActiveX Control
CVE-2010-4556

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Business Client
Vendor: CVE Published:; 17 December 2010

Summary

A buffer overflow vulnerability exists in the SapThemeRepository ActiveX control (sapwdpcd.dll) used in SAP NetWeaver Business Client. This flaw could allow remote attackers to execute arbitrary code on affected systems by invoking the (1) Load and (2) LoadTheme methods. Proper mitigation strategies and prompt updates are crucial to safeguarding systems against possible exploitation.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-290/

x_refsource_MISC

http://www.vupen.com/english/advisories/2010/3239

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1024890

vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 17, 2010
Vulnerability Reserved
Dec 17, 2010