CVE-2008-4387

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

U

nspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.

References

Link	Resource
http://osvdb.org/49721
http://www.kb.cert.org/vuls/id/277313	US Government Resource
http://www.securityfocus.com/bid/32186
http://www.vupen.com/english/advisories/2008/3106
https://exchange.xforce.ibmcloud.com/vulnerabilities/46440
http://osvdb.org/49721
http://www.kb.cert.org/vuls/id/277313	US Government Resource
http://www.securityfocus.com/bid/32186
http://www.vupen.com/english/advisories/2008/3106
https://exchange.xforce.ibmcloud.com/vulnerabilities/46440

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:sap:sapgui::::::::
	cpe:2.3:a:simba_technologies:mdrmsap_activex_control::::::::

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:51

Type	Values Removed	Values Added
References	~~() http://osvdb.org/49721 -~~	() http://osvdb.org/49721 -
References	~~() http://www.kb.cert.org/vuls/id/277313 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/277313 - US Government Resource
References	~~() http://www.securityfocus.com/bid/32186 -~~	() http://www.securityfocus.com/bid/32186 -
References	~~() http://www.vupen.com/english/advisories/2008/3106 -~~	() http://www.vupen.com/english/advisories/2008/3106 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/46440 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/46440 -

Information

Published : 2008-11-10 16:15

Updated : 2025-04-09 00:30

NVD link : CVE-2008-4387

Mitre link : CVE-2008-4387

CVE.ORG link : CVE-2008-4387

JSON object : View

Products Affected

internet_explorer

simba_technologies

mdrmsap_activex_control

sapgui

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2008-4387", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-11-10T16:15:04.907", "references": [{"url": "http://osvdb.org/49721", "source": "[email protected]"}, {"url": "http://www.kb.cert.org/vuls/id/277313", "tags": ["US Government Resource"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/32186", "source": "[email protected]"}, {"url": "http://www.vupen.com/english/advisories/2008/3106", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440", "source": "[email protected]"}, {"url": "http://osvdb.org/49721", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/277313", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32186", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/3106", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46440", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el control ActiveX MDrmSap de Simba en mdrmsap.dll en SAP SAPgui permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores desconocidos que involucran la instanciaci\u00f3n por Internet Explorer."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sapgui:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B5B9DE5-0BD7-48C8-B09C-1F1E1AB58F69"}, {"criteria": "cpe:2.3:a:simba_technologies:mdrmsap_activex_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9956870B-8039-46E9-9839-ECD464D08CE8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]", "evaluatorSolution": "Patch Information (SAP Login Required) = http://service.sap.com/sap/support/notes/1142431"}