CVE-2012-4341

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.

Published: Aug 15, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4341
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
sap / netweaver_abap	7.0	7.0.x
sap / netweaver_abap	7.02-sp6	7.02-sp6.x
sap / netweaver_abap	7.03-sp4	7.03-sp4.x

http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/49744
http://www.securitytracker.com/id?1027211
http://www.zerodayinitiative.com/advisories/ZDI-12-104/
http://www.zerodayinitiative.com/advisories/ZDI-12-111/
http://www.zerodayinitiative.com/advisories/ZDI-12-112/
https://service.sap.com/sap/support/notes/1649838
https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840
https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840

Vulnerability Database

290,206

CVE-2012-4341