SAP users warned of GUI security flaw


SAP users warned of GUI security flaw

Antony Savvas

SAP users are being warned of a security vulnerability in their SAP graphical user interface (GUI).

The US Computer Emergency Readiness Team (Cert) says the SAPgui's MDrmSap ActiveX control code is vulnerable to remote hackers.

The MDrmSap ActiveX control is provided with the SAPgui software, and Cert says it contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

The MDrmSap ActiveX control "contains an unspecified flaw that causes Internet Explorer to crash in an exploitable manner when it attempts to instantiate the control", says Cert.

By convincing a user to view a specially crafted HTML document (a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user, Cert said.

The attacker could also cause Internet Explorer (or the program using the browser) to crash.

Cert said the flaw could be tackled by a patch issued by SAP.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy