Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: SAP GUI, command execution via wadmxhtml

July 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can use the wadmxhtml.dll ActiveX of SAP GUI, in order
to execute code on computers of victims displaying a malicious
HTML page.

 Severity: 2/4
 Creation date: 16/07/2010

DESCRIPTION OF THE VULNERABILITY

The SAP GUI for Windows product installs the wadmxhtml.dll
ActiveX, which can be called from user’s web browser.

A malicious web page can use the Tags property of wadmxhtml.dll,
in order to corrupt the memory.

An attacker can therefore use the wadmxhtml.dll ActiveX of SAP
GUI, in order to execute code on computers of victims displaying a
malicious HTML page.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/SAP-GUI-command-execution-via-wadmxhtml-9771


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts