Vulnerabilites related to simba_technologies - mdrmsap_activex_control
Vulnerability from fkie_nvd
Published
2008-11-10 16:15
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sapgui | * | |
| simba_technologies | mdrmsap_activex_control | * | |
| microsoft | internet_explorer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sapgui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5B9DE5-0BD7-48C8-B09C-1F1E1AB58F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simba_technologies:mdrmsap_activex_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9956870B-8039-46E9-9839-ECD464D08CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el control ActiveX MDrmSap de Simba en mdrmsap.dll en SAP SAPgui permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos que involucran la instanciaci\u00f3n por Internet Explorer."
}
],
"evaluatorSolution": "Patch Information (SAP Login Required) = http://service.sap.com/sap/support/notes/1142431",
"id": "CVE-2008-4387",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-10T16:15:04.907",
"references": [
{
"source": "cret@cert.org",
"url": "http://osvdb.org/49721"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/277313"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/32186"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/3106"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/277313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-4387 (GCVE-0-2008-4387)
Vulnerability from cvelistv5
Published
2008-11-10 16:00
Modified
2024-08-07 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/49721 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/32186 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46440 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/3106 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/277313 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49721"
},
{
"name": "32186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32186"
},
{
"name": "sap-mdrmsap-code-execution(46440)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440"
},
{
"name": "ADV-2008-3106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3106"
},
{
"name": "VU#277313",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/277313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "49721",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49721"
},
{
"name": "32186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32186"
},
{
"name": "sap-mdrmsap-code-execution(46440)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440"
},
{
"name": "ADV-2008-3106",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3106"
},
{
"name": "VU#277313",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/277313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49721",
"refsource": "OSVDB",
"url": "http://osvdb.org/49721"
},
{
"name": "32186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32186"
},
{
"name": "sap-mdrmsap-code-execution(46440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440"
},
{
"name": "ADV-2008-3106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3106"
},
{
"name": "VU#277313",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/277313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4387",
"datePublished": "2008-11-10T16:00:00",
"dateReserved": "2008-10-02T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}