SAP Control SOAP Web Service Remote Code Execution (SAP Note 1414444)
Critical Nessus Plugin ID 66807
SynopsisThe remote web server hosts a SOAP service that can be abused to execute arbitrary code.
DescriptionThe version of SAP Control, offered by 'sapstartsrv.exe', reportedly contains an arbitrary remote code execution vulnerability. A malformed SOAP request (via POST) can be used to reach an unbounded copy loop, which results in attacker-supplied data being written into existing function pointers. A remote, unauthenticated attacker could use this to execute code that, by default, runs as SYSTEM.
SolutionApply the patch referenced in the vendor's advisory.