US-CERT warns of SAP vulnerability

By Tom Espiner, ZDNet UK
Wednesday, November 12, 2008 07:52 AM

The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in SAP's enterprise resource planning software.

The unspecified flaw can cause Internet Explorer (IE) to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

The U.S. Computer Emergency Readiness Team (U.S.-CERT) warned in an SAP Note 1142431. Login is required to access the patch.

Workarounds include disabling the MDrmSap ActiveX control in IE by setting the IE killbit for CLSID {B01952B0-AF66-11D1-B10D-0060086F6D97}, or IT professionals could disable IE ActiveX controls completely.

Security company Secunia warned in an advisory that the flaw was "highly critical". Versions of SAP GUI affected are 6.x and 7.x, according to Secunia.

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Cryptographers discuss wisdom of 'foolishness'
Learning from doing foolish things
Play video
Security experts on next cyberwarfare steps
Protecting against threats without breaching privacy
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video