{"vuid":"VU#259540","idnumber":"259540","name":"SAP Internet Graphics Service buffer overflow","keywords":["SAP","Internet Graphics Service","remote buffer overflow","error messages","ADM:GETLOGFILE","portwatcher","_snprintf()"],"overview":"SAP Internet Graphics Service contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"According to SAP, The Internet Graphics Service (IGS) constitutes the infrastructure to enable the application developer to display graphics in an Internet browser with a minimum of effort. The IGS fails to properly handle HTTP requests allowing a heap-based buffer overflow to occur. Note the IGS is is enabled by default in certain versions of the SAP Web Application Server. This vulnerability may be triggered by sending a specially crafted HTTP request to a vulnerable IGS installation.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system, possibly with elevated privileges.","resolution":"According to public reports, SAP has addressed this issue. More information is available SAP Note 968423.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Mariano Nuñez Di Croce.","author":"This document was written by Jeff Gennari.","public":["http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf","http://help.sap.com/saphelp_nw04s/helpdata/en/17/86c039c7811f11e10000000a114084/content.htm"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-01-18T19:48:12Z","publicdate":"2007-01-18T00:00:00Z","datefirstpublished":"2007-01-19T16:23:53Z","dateupdated":"2007-01-19T16:26:14Z","revision":10,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"20","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"11.55","cam_scorecurrentwidelyknown":"24.15","cam_scorecurrentwidelyknownexploited":"45.15","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":11.55,"vulnote":null}