This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
c028aa1aba49bcdf2f915cc27582fb2f1fa7090e144741d9f3a5d81e7227f5a8
Secunia Research has discovered a security issue in SAP GUI, which can be exploited by malicious people to gain knowledge of sensitive information, corrupt files, or compromise a user's system. The problem is that the bundled KWEdit ActiveX control (KWEDIT.DLL) provides the insecure method "SaveDocumentAs()", which saves an HTML document to a specified location. This can be exploited in combination with e.g. the "OpenDocument()" method to disclose the contents of files or to execute arbitrary code on a user's system. SAP GUI versions 6.40 Patch 29 and 7.10 Patch 5 are affected.
7618d00c720ce23c45412fe3d1fdff7227a5fd75d55de1cf1bf99df89823fb97