Vulnerability Description
Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Business Client | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35796Vendor Advisory
- http://www.securityfocus.com/bid/45396
- http://www.securitytracker.com/id?1024890
- http://www.vupen.com/english/advisories/2010/3239Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-290/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64061
- https://service.sap.com/sap/support/notes/1519966
- http://secunia.com/advisories/35796Vendor Advisory
- http://www.securityfocus.com/bid/45396
- http://www.securitytracker.com/id?1024890
- http://www.vupen.com/english/advisories/2010/3239Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-10-290/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64061
- https://service.sap.com/sap/support/notes/1519966
FAQ
What is CVE-2010-4556?
CVE-2010-4556 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadThe...
How severe is CVE-2010-4556?
CVE-2010-4556 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4556?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Business Client.