Vulnerability Details : CVE-2008-4830
Public exploit exists!
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
Exploit prediction scoring system (EPSS) score for CVE-2008-4830
Probability of exploitation activity in the next 30 days: 31.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-4830
-
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Disclosure Date: 2009-04-15First seen: 2020-04-26exploit/windows/browser/enjoysapgui_comp_downloadThis module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41). Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2008-4830
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2008-4830
Products affected by CVE-2008-4830
- cpe:2.3:a:sap:sap_gui:6.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_gui:7.10:*:*:*:*:*:*:*