SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability

SAP AG SAPgui KWEdit ActiveX control is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer).

This issue affects the following:

SAPgui 6.40 Patch Level 29 with KWEDIT.DLL 6400.1.1.41
SAPgui 7.10 Patch Level 5 with KWEDIT.DLL 7100.1.1.43

Other versions may be vulnerable as well.


Privacy Statement
Copyright 2010, SecurityFocus