This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.
The remote host contains the 'MDrmSap' ActiveX control included with
SAP GUI version 6.40 for Windows.
This control is reportedly affected by a buffer overflow involving
instantiation by Internet Explorer.
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, he may be able to leverage these issues to
execute arbitrary code on the host subject to the user's privileges.
The existence of this vulnerability is confirmed in mdrmsap.dll version
188.8.131.525. Previous versions may also be affected.
See also :
Apply the patch for the control as described in the vendor advisory.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true