SAP GUI KWEdit ActiveX Control SaveDocumentAs() Insecure Method

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
remote code execution vulnerability.

Description :

The version of the KWEdit ActiveX control on the remote host is
reportedly affected by a remote code execution vulnerability. The
control provides the insecure method 'SaveDocumentAs()', which saves
an HTML document to a specified location. This can be exploited in
combination with e.g. the 'OpenDocument()' method to disclose file
contents or to execute arbitrary code on the affected host subject to
the user's privileges.

See also :

http://secunia.com/secunia_research/2008-56/

Solution :

Upgrade to the latest version and verify the kill bit is set.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 36163 ()

Bugtraq ID: 34524

CVE ID: CVE-2008-4830

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now