SAP GUI KWEdit ActiveX Control SaveDocumentAs() Insecure Method

High Nessus Plugin ID 36163


The remote Windows host has an ActiveX control that is affected by a remote code execution vulnerability.


The version of the KWEdit ActiveX control on the remote host is reportedly affected by a remote code execution vulnerability. The control provides the insecure method 'SaveDocumentAs()', which saves an HTML document to a specified location. This can be exploited in combination with e.g. the 'OpenDocument()' method to disclose file contents or to execute arbitrary code on the affected host subject to the user's privileges.


Upgrade to the latest version and verify the kill bit is set.

See Also

Plugin Details

Severity: High

ID: 36163

File Name: sapgui_kwedit_activex.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2009/04/15

Modified: 2014/04/17

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:W/RC:C

Vulnerability Information

CPE: cpe:/a:sap:sap_gui

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (EnjoySAP SAP GUI ActiveX Control Arbitrary File Download)

Reference Information

CVE: CVE-2008-4830

BID: 34524

Secunia: 32869

OSVDB: 53680