Vulnerabilities > CVE-2007-3605 - Stack Buffer Overflow vulnerability in SAP EnjoySAP KWEdit.DLL ActiveX Control
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description EnjoySAP SAP GUI ActiveX Control Buffer Overflow. CVE-2007-3605. Remote exploit for windows platform id EDB-ID:16498 last seen 2016-02-02 modified 2010-06-15 published 2010-06-15 reporter metasploit source https://www.exploit-db.com/download/16498/ title EnjoySAP SAP GUI ActiveX Control Buffer Overflow description EnjoySAP ActiveX kweditcontrol.kwedit.1 Remote Stack Overflow PoC. CVE-2007-3605,CVE-2007-3607,CVE-2007-3608. Dos exploit for windows platform file exploits/windows/dos/4148.html id EDB-ID:4148 last seen 2016-01-31 modified 2007-07-05 platform windows port published 2007-07-05 reporter Mark Litchfield source https://www.exploit-db.com/download/4148/ title EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow PoC type dos
Metasploit
| description | This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41) provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML()" method, an attacker may be able to execute arbitrary code. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/ENJOYSAPGUI_PREPARETOPOSTHTML |
| last seen | 2020-06-14 |
| modified | 2017-07-24 |
| published | 2007-07-18 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3605 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/enjoysapgui_preparetoposthtml.rb |
| title | EnjoySAP SAP GUI ActiveX Control Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83119/enjoysapgui_preparetoposthtml.rb.txt |
| id | PACKETSTORM:83119 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/83119/EnjoySAP-SAP-GUI-ActiveX-Control-Buffer-Overflow.html |
| title | EnjoySAP SAP GUI ActiveX Control Buffer Overflow |
References
- http://osvdb.org/37690
- http://secunia.com/advisories/25959
- http://securityreason.com/securityalert/2873
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/
- http://www.securityfocus.com/archive/1/472887/100/0/threaded
- http://www.securityfocus.com/bid/24772
- http://www.securityfocus.com/bid/24776
- http://www.vupen.com/english/advisories/2007/2449
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35267
- https://www.exploit-db.com/exploits/4148