Vulnerability Details CVE-2008-4830
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.625
EPSS Ranking 98.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/32869
- http://secunia.com/secunia_research/2008-56/
- http://www.securityfocus.com/archive/1/502698/100/0/threaded
- http://www.securityfocus.com/bid/34524
- http://www.securitytracker.com/id?1022062
- http://www.vupen.com/english/advisories/2009/1043
- http://secunia.com/advisories/32869
- http://secunia.com/secunia_research/2008-56/
- http://www.securityfocus.com/archive/1/502698/100/0/threaded
- http://www.securityfocus.com/bid/34524
- http://www.securitytracker.com/id?1022062
- http://www.vupen.com/english/advisories/2009/1043