Untrusted Search Path Vulnerabilities in SAP GUI 6.4 through 7.2

Untrusted Search Path Vulnerabilities in SAP GUI 6.4 through 7.2

CVE-2011-5154 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.

Learn more about our User Device Pen Test.