Full Disclosure mailing list archives
SAPGui BI wadmxhtml.dll Tags Property Heap Corruption
From: "Elazar Broad" <elazar () hushmail com>
Date: Thu, 15 Jul 2010 12:15:07 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who - -------- SAP http://www.sap.com What - -------- SAPGui BI component File: %PROGRAMFILES%\sap\business explorer\bi\wadmxhtml.dll Version: 7100.1.400.8 ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB RegKey Safe for Script: False RegKey Safe for Init: False Implements IObjectSafety: True IDisp Safe: Safe for untrusted: caller,data IPersist Safe: Safe for untrusted: caller,data KillBitSet: False How - -------- Vulnerable Property: Tags The Tags property can be manipulated to trigger heap corruption resulting in the execution of arbitrary code. Fix - -------- SAP set the kill-bit for this control with Patch 17 for SAPGui. Alternatively, you can set the kill-bit manually, please see http://support.microsoft.com/kb/240797. Credit - -------- Elazar Broad -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQECAAYFAkw/NAsACgkQi04xwClgpZiFhQP/RfjeHhaBzFZDcwpvkq8eAsE1QclV 8pqzmhDv5xXh8s+hbKYyLqLq8St/3z6reBKoHP0//BVbOSE/1CTRCyiJuKjV0SLP3qdb vkCzrtg5eoGCKUvEWoqjE6NNysmV/P0j88T/NRBv3jkznINWAl6mf+n/JwKC4KC57wKQ 9n3IjvY= =yNee -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SAPGui BI wadmxhtml.dll Tags Property Heap Corruption Elazar Broad (Jul 15)