1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MSIE SAPgui KWEdit ActiveX Insecure Method

MSIE SAPgui KWEdit ActiveX Insecure Method

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detect attemp to exploit SAPgui KWEdit ActiveX Control insecure Method which may compromise a computer.

Additional Information

SAP AG SAPgui is a graphical user interface (GUI) included in various SAP applications.

SAPgui KWEdit ActiveX control is prone to a remote code-execution vulnerability. The control (provided by 'KWEDIT.DLL') includes a method called 'OpenDocument()' that allows an attacker to download and execute arbitrary files on the victim's computer in the context of the application running the affected control (typically Internet Explorer). The attacker could also use the vulnerable method to gain access to arbitrary files.

This issue affects the following:

SAPgui 6.40 Patch Level 29 with KWEDIT.DLL 6400.1.1.41
SAPgui 7.10 Patch Level 5 with KWEDIT.DLL 7100.1.1.43

Other versions may be vulnerable as well.


  • SAPgui 6.40,SAPgui 7.10
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube