CVE-2007-3606

SAP EnjoySAP - Heap-Based Buffer Overflow via LaunchGui Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3606. PoCs published by Mark Litchfield.

AI-analyzed exploit summary: This exploit demonstrates a heap overflow vulnerability in the EnjoySAP (SAP GUI for Windows) ActiveX control 'rfcguisink.rfcguisink.1' via the 'LaunchGui' function. It triggers the vulnerability by passing an overly long string argument, potentially leading to remote code execution.

Description

Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Mark Litchfield · html · dos · windows
https://www.exploit-db.com/exploits/4149

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SAP GUI for Windows (EnjoySAP) - All ASCII Versions
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX controls must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24777
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37689
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24776
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25959
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4149
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2449
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35268

Scores

EPSS 0.0765
EPSS Percentile 93.8%

Details

Status published
Products (1)
sap/enjoysap
Published Jul 06, 2007
Tracked Since Feb 18, 2026