CVE-2007-3608
Published 2007-07-06
CVE-2007-3608: Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
Priority P4 | 26 | medium | 5 | CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.83% (84.8th percentile)
No detection rules found.
Exploit-DB
EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow (PoC)
exploitdb·2007-07-05
---
Vendor: SAP
Vendor Reference: SECRES-289
Systems Affected: All Versions
Risk: High
Status: Fixed
TimeLine
Discovered: 4 January 2007
Released: 19 January 2007
Approved: 29 January 2007
Reported: 11 January 2007
Fixed: 18 May 2007
Published:
Description
EnjoySAP, also known as Enjoy, is the most popular SAP GUI used today. The
latest version can be obtained from ftp://ftp.sap.com/pub/sapgui/win/
When installing EnjoySAP, in appreciation of its vast size for being a
client (around 500MB), there are an astounding 1102 ActiveX controls
installed.
A relatively brief examination of these controls, found a large number of
instances that would terminate EnjoySAP process, there were a number that
could create files on the
Exploit-DB
EnjoySAP ActiveX rfcguisink.rfcguisink.1 - Remote Heap Overflow (PoC)
exploitdb·2007-07-05
---
Vendor: SAP
Vendor Reference: SECRES-290
Systems Affected: All ASCII Versions
Risk: High
Status: Fixed
TimeLine
Discovered: 4 January 2007
Released: 19 January 2007
Approved: 29 January 2007
Reported: 12 January 2007
Fixed: 27 March 2007
Published:
Description
EnjoySAP, also known as Enjoy, is the most popular SAP GUI used today. The
latest version can be obtained from ftp://ftp.sap.com/pub/sapgui/win/
When installing EnjoySAP, in appreciation of its vast size for being a
client (around 500MB), there are an astounding 1102 ActiveX controls
installed.
A relatively brief examination of these controls, found a large number of
instances that would terminate EnjoySAP process, there were a number that
could create file
No writeups or analysis indexed.
http://osvdb.org/37687
http://securityreason.com/securityalert/2873
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/
http://www.securityfocus.com/archive/1/472887/100/0/threaded
http://www.securityfocus.com/bid/24776
https://www.exploit-db.com/exploits/4148
https://www.exploit-db.com/exploits/4149
2007-07-06
Published