
Wednesday, May 10, 2017

[FD] [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability

1. *Advisory Information*

Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability
Advisory ID: CORE-2017-0001
Advisory URL: http://ift.tt/2r2CEfM heap-based-buffer-overflow-vulnerability
Date published: 2017-05-10
Date of last update: 2017-05-10
Vendors contacted: SAP
Release mode: Coordinated release

2. *Vulnerability Information*

Class: Heap-based Buffer Overflow [CWE-122]
Impact: Code execution
Remotely Exploitable: No
Locally Exploitable: Yes
CVE Name: CVE-2017-8852

3. *Vulnerability Description*

SAP [1] distributes software and packages using an archive program called SAPCAR [2]. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios.

4. *Vulnerable Packages*

SAPCAR archive tool version 721.510

Other products and versions might be affected, but they were not tested.

5. *Vendor Information, Solutions and Workarounds*

SAP published the following Security Notes:

. 2441560

6. *Credits*

This vulnerability was discovered and researched by Martin Gallo and Maximiliano Vidal from Core Security Consulting Services. The publication of this advisory was coordinated by Alberto Solino from Core Advisories Team.

7. *Technical Description / Proof of Concept Code*

This vulnerability is caused by a controlled heap buffer overflow when opening a specially crafted CAR archive file.

The following python code can be used to generate an archive file that triggers the vulnerability:

/--

Source: Gmail -> IFTTT-> Blogger
