ID CVE-2007-3605
Summary Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:enjoysap
CVSS
Base: 7.6 (as of 10-07-2007 - 11:39)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
exploit-db via4
  • description EnjoySAP ActiveX kweditcontrol.kwedit.1 Remote Stack Overflow PoC. CVE-2007-3605,CVE-2007-3607,CVE-2007-3608. Dos exploit for windows platform
    file exploits/windows/dos/4148.html
    id EDB-ID:4148
    last seen 2016-01-31
    modified 2007-07-05
    platform windows
    port
    published 2007-07-05
    reporter Mark Litchfield
    source https://www.exploit-db.com/download/4148/
    title EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow PoC
    type dos
  • description EnjoySAP SAP GUI ActiveX Control Buffer Overflow. CVE-2007-3605. Remote exploit for windows platform
    id EDB-ID:16498
    last seen 2016-02-02
    modified 2010-06-15
    published 2010-06-15
    reporter metasploit
    source https://www.exploit-db.com/download/16498/
    title EnjoySAP SAP GUI ActiveX Control Buffer Overflow
metasploit via4
description This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41) provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML()" method, an attacker may be able to execute arbitrary code.
id MSF:EXPLOIT/WINDOWS/BROWSER/ENJOYSAPGUI_PREPARETOPOSTHTML
last seen 2019-03-30
modified 2017-07-24
published 2007-07-18
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb
title EnjoySAP SAP GUI ActiveX Control Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/83119/enjoysapgui_preparetoposthtml.rb.txt
id PACKETSTORM:83119
last seen 2016-12-05
published 2009-11-26
reporter MC
source https://packetstormsecurity.com/files/83119/EnjoySAP-SAP-GUI-ActiveX-Control-Buffer-Overflow.html
title EnjoySAP SAP GUI ActiveX Control Buffer Overflow
refmap via4
bid
  • 24772
  • 24776
bugtraq 20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow
exploit-db 4148
misc http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/
osvdb 37690
secunia 25959
sreason 2873
vupen ADV-2007-2449
xf enjoysap-kweditcontrolkwedit1-bo(35267)
Last major update 07-03-2011 - 21:56
Published 06-07-2007 - 15:30
Last modified 15-10-2018 - 17:29