Vigil@nce: SAP GUI, file creation via WebViewer3D.dll
September 2009 by Vigil@nce
An attacker can use the WebViewer3D.dll ActiveX control of SAP GUI
to create a file on the computer of any victim who displays a
malicious HTML page.
Severity: 1/4
Consequences: data creation/edition
Provenance: document
Means of attack: 2 attacks
Ability of attacker: beginner (1/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 28/09/2009
IMPACTED PRODUCTS
– SAP ERP
– SAP NetWeaver
DESCRIPTION OF THE VULNERABILITY
The SAP GUI for Windows product installs the WebViewer3D.dll
ActiveX control, which can be invoked from the user's web browser.
Two methods of this control are vulnerable.
The SaveToSessionFile() method writes the session file to a
location chosen by the attacker. [grav:1/4]
The SaveViewToSessionFile() method writes the session file to a
location chosen by the attacker. [grav:1/4]
An attacker can therefore use the WebViewer3D.dll ActiveX control
of SAP GUI to create a file on the computer of any victim who
displays a malicious HTML page.
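The mitigation a Windows administrator would apply to an ActiveX control like this one, short of uninstalling SAP GUI, is the Internet Explorer "kill bit": a Compatibility Flags value of 0x400 under the ActiveX Compatibility registry key, which makes the browser refuse to instantiate the control while leaving it usable by the SAP GUI application itself. The script below is an added example and is not part of the Vigil@nce bulletin or of SAP's software. It assumes it is run from an elevated PowerShell on an affected client; only the DLL name WebViewer3D.dll comes from the bulletin, while the CLSID discovery logic (searching InprocServer32 values so that no CLSID has to be hard-coded) and the handling of both the native and the Wow6432Node views on 64-bit Windows are this example's own.

```powershell
# Added example, not code from the Vigil@nce bulletin or from SAP.
# Finds every COM class served in-process by WebViewer3D.dll and sets the
# Internet Explorer kill bit for it. Run as Administrator; use -WhatIf to
# preview the registry changes without applying them.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$dllName = 'WebViewer3D.dll'   # taken from the bulletin
$killBit = 0x400               # Compatibility Flags value that blocks the control in IE

# On 64-bit Windows, 32-bit COM servers register under Wow6432Node and the
# 32-bit IE reads its kill bits from the Wow6432Node compatibility key, so
# both views are searched and both compatibility roots are written.
$views = @(
    @{ Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$found = 0
foreach ($view in $views) {
    if (-not (Test-Path $view.Clsid)) { continue }

    # Keep only CLSIDs whose InprocServer32 default value points at the DLL.
    $targets = Get-ChildItem -Path $view.Clsid -ErrorAction SilentlyContinue | ForEach-Object {
        $server = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
        if ($server -and $server.'(default)' -like "*$dllName*") {
            [pscustomobject]@{ Clsid = $_.PSChildName; Dll = $server.'(default)' }
        }
    }

    foreach ($t in $targets) {
        $found++
        $key = Join-Path $view.Compat $t.Clsid
        if ($PSCmdlet.ShouldProcess($t.Clsid, "Set kill bit (server: $($t.Dll))")) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
                -Value $killBit -Force | Out-Null
            Write-Output "Kill bit set for $($t.Clsid) under $($view.Compat)"
        }
    }
}

if ($found -eq 0) {
    Write-Output "$dllName is not registered as a COM server on this host."
}
```

Running the script with `-WhatIf` first lists the CLSIDs it would block, which doubles as a quick inventory check for whether the vulnerable control is present on a machine at all. The kill bit is also a practical detection hook: auditing the ActiveX Compatibility keys across a fleet shows which hosts still lack the block once the rollout is done.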
CHARACTERISTICS
Identifiers: DSECRG-09-043, DSECRG-09-044, VIGILANCE-VUL-9052
http://vigilance.fr/vulnerability/SAP-GUI-file-creation-via-WebViewer3D-dll-9052