Article

Critical SAP flaw leaves systems vulnerable to attack

SearchSecurity.com Staff

A serious ActiveX flaw in SAP's graphical user interface (GUI) could be exploited by an attacker to gain access to critical files and sensitive data.

SAPgui is used in the company's enterprise resource planning applications. Based in Waldorf, Germany, the software vendor says it has more than 75,000 customers.

The vulnerability can be exploited remotely by an unauthenticated hacker, according to an advisory issued by the United States Computer Emergency Readiness Team (US-CERT). The flaw is in the ActiveX control, MDrmSap, which could crash Internet Explorer when handling malicious code, US-CERT said.

Danish vulnerability clearinghouse Secunia gave the

    Requires Free Membership to View

flaw a highly critical rating. To exploit the flaw, an attacker must trick a user into viewing a malicious website or email message, Secunia said.

SAP issued an update correcting the flaw. As a workaround, the vulnerable ActiveX control can be disabled in Internet Explorer by setting the appropriate kill bit, or by disabling ActiveX in the Internet Zone, US-CERT said in its advisory.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: