CVE-2012-4341
SAP NetWeaver ABAP 7.x - Remote Code Execution via Crafted Package to TCP Port 3900
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
References (8)
Core References
Various Sources (x_refsource_misc): https://service.sap.com/sap/support/notes/1649838
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-12-112/
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49744
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-12-104/
Various Sources (x_refsource_confirm): http://scn.sap.com/docs/DOC-8218
Various Sources (x_refsource_misc): https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1027211
Third Party Advisory (x_refsource_misc): http://www.zerodayinitiative.com/advisories/ZDI-12-111/
Scores
EPSS: 0.1733
EPSS Percentile: 95.1%
Details
CWE: CWE-119
Status: published
Products (3)
sap/netweaver_abap 7.0
sap/netweaver_abap 7.02 sp6
sap/netweaver_abap 7.03 sp4
Published: Aug 15, 2012
Tracked Since: Feb 18, 2026