CVE-2008-4830 - Remote Code Execution vulnerability in SAP AG SAPgui KWEdit ActiveX Control Insecure Method
Metric | Value
---|---
Attack vector | NETWORK
Attack complexity | MEDIUM
Privileges required | NONE
Confidentiality impact | COMPLETE
Integrity impact | COMPLETE
Availability impact | COMPLETE
Summary
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
Vulnerable Configurations
Part | Description | Count
---|---|---
Application | | 2
Exploit-Db
Field | Value
---|---
description | EnjoySAP SAP GUI ActiveX Control Arbitrary File Download. CVE-2008-4830. Remote exploit for Windows platform
id | EDB-ID:16493
last seen | 2016-02-01
modified | 2010-12-01
published | 2010-12-01
reporter | metasploit
source | https://www.exploit-db.com/download/16493/
title | EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Metasploit
Field | Value
---|---
description | This module allows remote attackers to place arbitrary files on a user's file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
id | MSF:EXPLOIT/WINDOWS/BROWSER/ENJOYSAPGUI_COMP_DOWNLOAD
last seen | 2020-06-10
modified | 2017-07-24
published | 2010-12-01
references | 
reporter | Rapid7
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/enjoysapgui_comp_download.rb
title | EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Nessus
Field | Value
---|---
NASL family | Windows
NASL id | SAPGUI_KWEDIT_ACTIVEX.NASL
description | The version of the KWEdit ActiveX control on the remote host is reportedly affected by a remote code execution vulnerability. The control provides the insecure method
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 36163
published | 2009-04-15
reporter | This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/36163
title | SAP GUI KWEdit ActiveX Control SaveDocumentAs() Insecure Method
Packetstorm
Field | Value
---|---
data source | https://packetstormsecurity.com/files/download/96318/enjoysapgui_comp_download.rb.txt
id | PACKETSTORM:96318
last seen | 2016-12-05
published | 2010-12-03
reporter | MC
source | https://packetstormsecurity.com/files/96318/EnjoySAP-SAP-GUI-ActiveX-Control-Arbitrary-File-Download.html
title | EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Seebug
Field | Value
---|---
bulletinFamily | exploit
description | BUGTRAQ ID: 34524. CVE(CAN) ID: CVE-2008-4830. SAPgui is the graphical user interface client for SAP software. The KWEdit ActiveX control (KWEDIT.DLL) bundled with SAPgui exposes an insecure SaveDocumentAs() function. If a user is tricked into visiting a malicious web page, this function can save an HTML document to a location of the page's choosing. Combined with the OpenDocument() method, a remote attacker can disclose the contents of arbitrary files or execute arbitrary code on the user's system. Affected: SAP Sapgui 7.10 Patch 5; SAP Sapgui 6.40 Patch 29. SAP: the vendor has released a patch for this issue; download it from the vendor's site: https://service.sap.com/sap/support/notes/1294913
id | SSV:5063
last seen | 2017-11-19
modified | 2009-04-16
published | 2009-04-16
reporter | Root
title | SAP GUI KWEdit ActiveX Control Insecure SaveDocumentAs() Call Vulnerability