Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code.
* SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308)
* SAP KERNEL after 7.40 (7400.12.21.30308)
An attacker can use a buffer overflow vulnerability to inject specially crafted code into working memory, where it is executed by the vulnerable application. Executed commands run with the same privileges as the service that executed them. This can lead to complete control over the application, denial of service, command execution, and other attacks. In the case of command execution, the attacker can obtain critical technical and business-related information stored on the vulnerable SAP system, or escalate their privileges. In the case of denial of service, the process of the vulnerable component can be terminated. Nobody will be able to use the service, which causes system downtime and negatively affects business processes and business reputation.