Vigil@nce: SAP NetWeaver Business Client: buffer overflow of SapThemeRepository
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can create an HTML page generating an overflow in the
SapThemeRepository ActiveX, in order to execute code on victim’s
computer.
– Severity: 2/4
– Creation date: 15/12/2010
DESCRIPTION OF THE VULNERABILITY
The SAP NetWeaver Business Client product installs the
SapThemeRepository ActiveX (sapwdpcd.dll), which can be called
from Internet Explorer.
When parameters of this ActiveX are too long, a buffer overflow
occurs. Technical details are unknown.
An attacker can therefore create an HTML page generating an
overflow in the SapThemeRepository ActiveX, in order to execute
code on victim’s computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN