SAP users warned of GUI security flaw

SAP users are being warned of a security vulnerability in their SAP graphical user interface (GUI).

SAP users are being warned of a security vulnerability in their SAP graphical user interface (GUI).

The US Computer Emergency Readiness Team (Cert) says the SAPgui's MDrmSap ActiveX control code is vulnerable to remote hackers.

The MDrmSap ActiveX control is provided with the SAPgui software, and Cert says it contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

The MDrmSap ActiveX control "contains an unspecified flaw that causes Internet Explorer to crash in an exploitable manner when it attempts to instantiate the control", says Cert.

By convincing a user to view a specially crafted HTML document (a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user, Cert said.

The attacker could also cause Internet Explorer (or the program using the browser) to crash.

Cert said the flaw could be tackled by a patch issued by SAP.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close