SAP GUI KWEdit ActiveX Control SaveDocumentAs() Insecure Method
High Nessus Plugin ID 36163
SynopsisThe remote Windows host has an ActiveX control that is affected by a remote code execution vulnerability.
DescriptionThe version of the KWEdit ActiveX control on the remote host is reportedly affected by a remote code execution vulnerability. The control provides the insecure method 'SaveDocumentAs()', which saves an HTML document to a specified location. This can be exploited in combination with e.g. the 'OpenDocument()' method to disclose file contents or to execute arbitrary code on the affected host subject to the user's privileges.
SolutionUpgrade to the latest version and verify the kill bit is set.