SAP Plant Connectivity CVE-2017-16690 DLL Loading Remote Code Execution Vulnerability

SAP Plant Connectivity is prone to a remote code-execution vulnerability.

A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application.

SAP Plant Connectivity versions 2.3, and 15.0 are vulnerable.

Information

Bugtraq ID: 102145
Class: Design Error
CVE: CVE-2017-16690

Remote: Yes
Local: No
Published: Dec 12 2017 12:00AM
Updated: Dec 12 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: SAP Plant Connectivity 2.3
SAP Plant Connectivity 15.0

Not Vulnerable:

Exploit

Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.

A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.

References:

Exploiting DLL Hijacking Flaws (hdm)
More information about the DLL Preloading remote attack vector (Microsoft)
SAP Homepage (SAP)
SAP Security Patch Day â?? December 2017 (SAP)

Source: www.securityfocus.com

Exploit Collector

Search Exploit