SAP Netweaver is prone to multiple overflow conditions. The issues are triggered when boundary errors occur in msg_server.exe, which will result in stack-based buffer overflows. With a specially crafted parameter or parameter name in a package containing opcode 0x43 and sub-opcode 0x4, a remote attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, SAP has released a patch to address this vulnerability.

• Security Tracker: 1027211
• CVE ID: 2012-4341 (see also: NVD)
• Secunia Advisory ID: 49744
• Vendor Specific News/Changelog Entry: http://scn.sap.com/docs/DOC-8218
• Vendor URL: http://www.sap.com/index.epx
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-12-104/
  http://www.zerodayinitiative.com/advisories/ZDI-12-111/
  http://www.zerodayinitiative.com/advisories/ZDI-12-112/
• Vendor Specific Advisory URL: https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840 [ Auth Req'd ]
  https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838 [ Auth Req'd ]

• e6af8de8b1d4b2b6d5ba2610cbf9cd38 - Zero Day Initiative (ZDI)