SAP SAPgui SAPIrRfc ActiveX (sapirrfc.dll) Accept Function Overflow

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the 'SAPIrRfc' ActiveX control included with
SAP GUI version 6.40 for Windows.

This control is reportedly affected by a heap-based overflow involving
the 'Accept' method of the 'IRfcServer' interface of the 'SAPIrRfc'
control.

If an attacker can trick a user on the affected host into visiting a
specially crafted web page, this issue could be leveraged to execute
arbitrary code on the host subject to the user's privileges.

The existence of this vulnerability is confirmed in sapirrfc.dll
version 4.0.2.4. Previous versions may also be affected.

See also :

http://dsecrg.com/pages/vul/show.php?id=115
http://www.securityfocus.com/archive/1/504141/30/0/threaded
https://service.sap.com/sap/support/notes/1286637

Solution :

Apply the patch for the control as described in the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40618

Bugtraq ID: 35256

CVE ID:
