CVE-2008-4387

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/277313	US Government Resource
http://www.securityfocus.com/bid/32186
http://osvdb.org/49721
http://www.vupen.com/english/advisories/2008/3106
https://exchange.xforce.ibmcloud.com/vulnerabilities/46440

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:sap:sapgui::::::::
	cpe:2.3:a:simba_technologies:mdrmsap_activex_control::::::::

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

Information

Published : 2008-11-10 08:15

Updated : 2017-08-07 18:32

NVD link : CVE-2008-4387

Mitre link : CVE-2008-4387

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

simba_technologies

mdrmsap_activex_control

sap

sapgui

microsoft

internet_explorer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/277313", "name": "VU#277313", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/32186", "name": "32186", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/49721", "name": "49721", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2008/3106", "name": "ADV-2008-3106", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440", "name": "sap-mdrmsap-code-execution(46440)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-4387", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-11-10T16:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:sapgui:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:simba_technologies:mdrmsap_activex_control:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:32Z"}

9.3 /10