SAP users warned of GUI security flaw

News

SAP users warned of GUI security flaw

Antony Savvas

SAP users are being warned of a security vulnerability in their SAP graphical user interface (GUI).

The US Computer Emergency Readiness Team (Cert) says the SAPgui's MDrmSap ActiveX control code is vulnerable to remote hackers.

The MDrmSap ActiveX control is provided with the SAPgui software, and Cert says it contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

The MDrmSap ActiveX control "contains an unspecified flaw that causes Internet Explorer to crash in an exploitable manner when it attempts to instantiate the control", says Cert.

By convincing a user to view a specially crafted HTML document (a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user, Cert said.

The attacker could also cause Internet Explorer (or the program using the browser) to crash.

Cert said the flaw could be tackled by a patch issued by SAP.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy