SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability

To exploit this issue, attackers must trick a victim into viewing a malicious webpage.

A commercial proof of concept is available through VUPEN Security - Exploit and PoCs Service. This proof of concept is not otherwise publicly available or known to be circulating in the wild.

A Metasploit exploit module is available:


 

Privacy Statement
Copyright 2010, SecurityFocus