Security researchers have discovered a slew of vulnerabilities in enterprise software packages from SAP that create a means for hackers inject malware onto or crash vulnerable systems.

The vulnerabilities involve two ActiveX controls buffer overflow in EnjoySAP GUI and separate buffer overflow flaws in SAP's Message Server and SAP DB Web Server. Another bug leads to denial of service risks for firm's running SAP Web Application Server.

Fortunately all four sets of flaws, each discovered by Mark Litchfield of NGSSoftware, can be addressed by updating to the latest versions of SAP's software. ®

Related stories

• SAP sings 'Only You' to Yasu (17 October 2007)

  https://www.theregister.com/2007/10/17/sap_buys_yasu/

• SAP confesses to 'inappropriate' Oracle downloads (3 July 2007)

  https://www.theregister.com/2007/07/03/sap_oracle/

• SAP expands mobile reach (20 June 2007)

  https://www.theregister.com/2007/06/20/sap_mobile/

• SAP plays tease over mid-market Salesforce 'killer' (8 June 2007)

  https://www.theregister.com/2007/06/08/sap_a1s_salesforce/

• Unpatched enterprise security bugs proliferate (24 August 2006)

  https://www.theregister.com/2006/08/24/0-day_manace/

• Oracle in war of words with security researcher (26 January 2006)

  https://www.theregister.com/2006/01/26/security_researcher_versus_oracle/

• Sybase invokes licence gag in flaw disclosure row (5 April 2005)

  https://www.theregister.com/2005/04/05/sybase_ngssoftware_disclosure_spat/