CVE-2007-3606 - Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, o

CVE-2007-3606

Summary

Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.

References

http://osvdb.org/37689
http://secunia.com/advisories/25959
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/
http://www.securityfocus.com/bid/24776
http://www.securityfocus.com/bid/24777
http://www.vupen.com/english/advisories/2007/2449
https://exchange.xforce.ibmcloud.com/vulnerabilities/35268
https://www.exploit-db.com/exploits/4149

Vulnerable Configurations

cpe:2.3:a:sap:enjoysap:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:enjoysap:*:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	24776 24777
exploit-db	4149
misc	http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/
osvdb	37689
secunia	25959
vupen	ADV-2007-2449
xf	enjoysap-rfcguisinkrfcguisink-bo(35268)

Last major update

29-09-2017 - 01:29

Published

06-07-2007 - 19:30

Last modified

29-09-2017 - 01:29