Original URL: https://www.theregister.com/2007/07/09/sap_update/

SAP upgrades foil buffer overflow flaws

Nick of time

By John Leyden

Posted in The Channel, 9th July 2007 11:33 GMT

Security researchers have discovered a slew of vulnerabilities in enterprise software packages from SAP that create a means for hackers inject malware onto or crash vulnerable systems.

The vulnerabilities involve two ActiveX controls buffer overflow in EnjoySAP GUI and separate buffer overflow flaws in SAP's Message Server and SAP DB Web Server. Another bug leads to denial of service risks for firm's running SAP Web Application Server.

Fortunately all four sets of flaws, each discovered by Mark Litchfield of NGSSoftware, can be addressed by updating to the latest versions of SAP's software. ®