Vulnerabilities > CVE-2007-3606 - ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

sap

exploit available

NVD

Published: 2007-07-06

Updated: 2017-09-29

Summary

Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Enjoysap *	1

Exploit-Db

description	EnjoySAP ActiveX rfcguisink.rfcguisink.1 Remote Heap Overflow PoC. CVE-2007-3606,CVE-2007-3607,CVE-2007-3608. Dos exploit for windows platform
file	exploits/windows/dos/4149.html
id	EDB-ID:4149
last seen	2016-01-31
modified	2007-07-05
platform	windows
port
published	2007-07-05
reporter	Mark Litchfield
source	https://www.exploit-db.com/download/4149/
title	EnjoySAP ActiveX rfcguisink.rfcguisink.1 - Remote Heap Overflow PoC
type	dos

Summary

Vulnerable Configurations

Exploit-Db

References