Vuln: SAP GUI CVE-2017-6950 Remote Code Execution Vulnerability

Bugtraq ID: 96872
Class: Unknown
CVE: CVE-2017-6950

Remote: Yes
Local: No
Published: Mar 14 2017 12:00AM

Credit: The vendor reported this issue.
Vulnerable: SAP Gui 7.50 CORE SP000
SAP Gui 7.30
SAP Gui 7.20
SAP Gui 10.0.1

Not Vulnerable:

Discussion

SAP GUI CVE-2017-6950 Remote Code Execution Vulnerability

SAP GUI is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application.

Note: This issue was previously titled 'SAP GUI Unspecified Remote Code Execution Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact.

Exploit

SAP GUI CVE-2017-6950 Remote Code Execution Vulnerability

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References

SAP GUI CVE-2017-6950 Remote Code Execution Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Vulnerability Puts Business Data at Risk for Thousands of Companies (SAP)
  
• [ERPSCAN-17-011] SAP GUI all versions Remote Code Execution + bypass security po (ERPScan)
  
• SAP Security Note 2407616 (SAP)
  
• SAP Security Patch Day â?? March 2017 (SAP)
  

Source: www.securityfocus.com