CVE-2012-4341

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.

Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, en msg_server.exe en SAP NetWeaver ABAP v7.x permite a atacantes remotos causar una denegación de servicio (crash) y ejecutar código arbitrario a través de (1) un valor grande en un parámetro, (2) un campo de cadena manipulado, o (3) una cadena larga como nombre de parámetro en un paquete con (opcode) 0x43 y (sub opcode 0x4) a un puerto TCP 3900.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-15 CVE Reserved
2012-08-15 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (8)

URL	Tag	Source
http://scn.sap.com/docs/DOC-8218	X_refsource_confirm
http://www.securitytracker.com/id?1027211	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-12-104	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-12-111	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-12-112	X_refsource_misc
https://service.sap.com/sap/support/notes/1649838	X_refsource_misc
https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/49744	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sap Search vendor "Sap"		Netweaver Abap Search vendor "Sap" for product "Netweaver Abap"				7.0 Search vendor "Sap" for product "Netweaver Abap" and version "7.0"		-		Affected
Sap Search vendor "Sap"		Netweaver Abap Search vendor "Sap" for product "Netweaver Abap"				7.02 Search vendor "Sap" for product "Netweaver Abap" and version "7.02"		sp6		Affected
Sap Search vendor "Sap"		Netweaver Abap Search vendor "Sap" for product "Netweaver Abap"				7.03 Search vendor "Sap" for product "Netweaver Abap" and version "7.03"		sp4		Affected