CVE-2008-4387

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/49721
http://www.kb.cert.org/vuls/id/277313	US Government Resource
http://www.securityfocus.com/bid/32186
http://www.vupen.com/english/advisories/2008/3106
https://exchange.xforce.ibmcloud.com/vulnerabilities/46440

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:sap:sapgui::::::::
	cpe:2.3:a:simba_technologies:mdrmsap_activex_control::::::::

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-11-10 16:15

Updated : 2024-02-04 17:33

NVD link : CVE-2008-4387

Mitre link : CVE-2008-4387

CVE.ORG link : CVE-2008-4387

JSON object : View

Products Affected

microsoft

internet_explorer

sap

sapgui

simba_technologies

mdrmsap_activex_control

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2008-4387", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-11-10T16:15:04.907", "references": [{"url": "http://osvdb.org/49721", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/277313", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/32186", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3106", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el control ActiveX MDrmSap de Simba en mdrmsap.dll en SAP SAPgui permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos que involucran la instanciaci\u00f3n por Internet Explorer."}], "lastModified": "2017-08-08T01:32:36.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sapgui:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B5B9DE5-0BD7-48C8-B09C-1F1E1AB58F69"}, {"criteria": "cpe:2.3:a:simba_technologies:mdrmsap_activex_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9956870B-8039-46E9-9839-ECD464D08CE8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org", "evaluatorSolution": "Patch Information (SAP Login Required) = http://service.sap.com/sap/support/notes/1142431"}