SAP Control SOAP Web Service Remote Code Execution (SAP Note 1414444)
Critical Nessus Plugin ID 66807
Synopsis
The remote web server hosts a SOAP service that can be abused to execute arbitrary code.
Description
The version of SAP Control, offered by 'sapstartsrv.exe', reportedly contains an arbitrary remote code execution vulnerability. A malformed SOAP request (via POST) can be used to reach an unbounded copy loop, which results in attacker-supplied data being written into existing function pointers. A remote, unauthenticated attacker could use this to execute code that, by default, runs as SYSTEM.
Solution
Apply the patch referenced in the vendor's advisory.