CVE-2008-0621
SapLPD 6.28 - Remote Buffer Overflow
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
Desbordamiento de búfer en SAPLPD 6.28 y anteriores incluidas en SAP GUI 7.10 y SAPSprint antes de 1018. Permite a atacantes remotos ejecutar código de su elección a través de argumentos largos a los comandos 1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04 y (5) 0x05 LPD.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-02-05 CVE Reserved
- 2008-02-06 CVE Published
- 2010-05-09 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/28811 | Third Party Advisory | |
| http://securityreason.com/securityalert/3619 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/487508/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/487575/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1019300 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0409 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0438 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16338 | 2010-05-09 | |
| https://www.exploit-db.com/exploits/5079 | 2024-08-07 | |
| http://www.securityfocus.com/bid/27613 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28786 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Sapgui Search vendor "Sap" for product "Sapgui" | 7.10 Search vendor "Sap" for product "Sapgui" and version "7.10" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saplpd Search vendor "Sap" for product "Saplpd" | <= 6.28 Search vendor "Sap" for product "Saplpd" and version " <= 6.28" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sapsprint Search vendor "Sap" for product "Sapsprint" | * | - |
Affected
| ||||||