CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4475

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile16.56th
PublishedApr 1, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.

Affected Platforms (CPE)

πŸ“¦
Sap

Sapgui

All versions
πŸ“¦
Sap

Sapgui

<= 7.10
πŸ“¦
Sap

Sapgui

= 4.6
πŸ“¦
Sap

Sapgui

= 4.6
πŸ“¦
Sap

Sapgui

= 4.6a
πŸ“¦
Sap

Sapgui

= 4.6a
πŸ“¦
Sap

Sapgui

= 4.6b
πŸ“¦
Sap

Sapgui

= 4.6b
πŸ“¦
Sap

Sapgui

= 4.6c
πŸ“¦
Sap

Sapgui

= 4.6c
πŸ“¦
Sap

Sapgui

= 4.6d
πŸ“¦
Sap

Sapgui

= 4.6d
πŸ“¦
Sap

Sapgui

= 6.40

References & Advisories

πŸ”— http://secunia.com/advisories/34559
πŸ”— http://www.kb.cert.org/vuls/id/985449
πŸ”— http://www.securityfocus.com/bid/34310
πŸ”— http://www.vupen.com/english/advisories/2009/0892
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/49543
πŸ”— https://service.sap.com/sap/support/notes/1153794
πŸ”— http://secunia.com/advisories/34559
πŸ”— http://www.kb.cert.org/vuls/id/985449

Related Vulnerabilities

CVE-2016-98329.9

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attack...

CVE-2008-43879.3

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arb...

CVE-2007-36057.6

Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI al...

CVE-2003-10357.5

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SA...