CVE-2007-3607

EnjoySAP - Denial of Service via ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3607. PoCs published by Mark Litchfield.

AI-analyzed exploit summary This exploit demonstrates a heap overflow vulnerability in the EnjoySAP (SAP GUI for Windows) ActiveX control 'rfcguisink.rfcguisink.1' via the 'LaunchGui' function. It triggers the vulnerability by passing an overly long string argument, potentially leading to remote code execution.

Description

Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Mark Litchfield · htmldoswindows
https://www.exploit-db.com/exploits/4149

This exploit demonstrates a heap overflow vulnerability in the EnjoySAP (SAP GUI for Windows) ActiveX control 'rfcguisink.rfcguisink.1' via the 'LaunchGui' function. It triggers the vulnerability by passing an overly long string argument, potentially leading to remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAP GUI for Windows (EnjoySAP) - All ASCII Versions
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX controls must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Mark Litchfield · htmldoswindows
https://www.exploit-db.com/exploits/4148

This exploit demonstrates a stack overflow vulnerability in the EnjoySAP SAP GUI for Windows via the ActiveX control 'kweditcontrol.kwedit.1'. The 'PrepareToPostHTML' function is exploited with a long string to trigger a buffer overflow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAP GUI for Windows (EnjoySAP), all versions
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX controls must be enabled in the browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2873
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37688
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24776
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4148
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/472887/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4149

Scores

EPSS 0.0376
EPSS Percentile 88.5%

Details

Status published
Products (1)
sap/enjoysap
Published Jul 06, 2007
Tracked Since Feb 18, 2026