ID CVE-2008-4830
Summary Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:sap_gui:6.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_gui:7.10:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 11-10-2018 - 20:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 34524
bugtraq 20090415 Secunia Research: SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method
misc http://secunia.com/secunia_research/2008-56/
sectrack 1022062
secunia 32869
vupen ADV-2009-1043
Last major update 11-10-2018 - 20:52
Published 16-04-2009 - 15:12
Last modified 11-10-2018 - 20:52