CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-4475

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile16.56th
Published2009年4月1日
Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.

Affected Platforms (CPE)

📦
Sap

Sapgui

All versions
📦
Sap

Sapgui

<= 7.10
📦
Sap

Sapgui

= 4.6
📦
Sap

Sapgui

= 4.6
📦
Sap

Sapgui

= 4.6a
📦
Sap

Sapgui

= 4.6a
📦
Sap

Sapgui

= 4.6b
📦
Sap

Sapgui

= 4.6b
📦
Sap

Sapgui

= 4.6c
📦
Sap

Sapgui

= 4.6c
📦
Sap

Sapgui

= 4.6d
📦
Sap

Sapgui

= 4.6d
📦
Sap

Sapgui

= 6.40

References & Advisories

🔗 http://secunia.com/advisories/34559
🔗 http://www.kb.cert.org/vuls/id/985449
🔗 http://www.securityfocus.com/bid/34310
🔗 http://www.vupen.com/english/advisories/2009/0892
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/49543
🔗 https://service.sap.com/sap/support/notes/1153794
🔗 http://secunia.com/advisories/34559
🔗 http://www.kb.cert.org/vuls/id/985449

相关漏洞威胁

CVE-2016-98329.9

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attack...

CVE-2008-43879.3

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arb...

CVE-2007-36057.6

Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI al...

CVE-2003-10357.5

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SA...