PT-2006-4974 · SAP · SAP Internet Graphics Server

Mariano Nuñez Di Croce · Published 2006-08-14 · Updated 2018-10-17 · CVE-2006-4133

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SAP Internet Graphics Service (IGS) versions 6.40 and earlier
SAP Internet Graphics Service (IGS) versions 7.00 and earlier

Description

The issue allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument. This triggers the overflow during error message construction when the snprintf function returns a negative value that is used in a memcpy operation.

Recommendations

For SAP Internet Graphics Service (IGS) versions 6.40 and earlier, update to a version later than 6.40 to resolve the issue. For SAP Internet Graphics Service (IGS) versions 7.00 and earlier, update to a version later than 7.00 to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request with the ADM:GETLOGFILE command to minimize the risk of exploitation.
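The defect class named in the description, a negative snprintf return value reused as a memcpy length, is shown below beside a checked form. This is an added example, not SAP's code: the function names, the 64-byte buffer, the message text and the `legacy_snprintf` wrapper (which models a pre-C99 snprintf that returns -1 on truncation) are all assumptions.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: models a pre-C99 snprintf that returns -1 on truncation
 * (C99 snprintf returns the would-be length instead). Hypothetical helper. */
static int legacy_snprintf(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Unchecked pattern: the return value is treated as a byte count. A -1
 * converted to size_t becomes SIZE_MAX. Returns the length that a following
 * memcpy would receive; the copy itself is deliberately not performed. */
size_t unchecked_copy_len(const char *arg)
{
    char msg[64];
    int n = legacy_snprintf(msg, sizeof msg, "cannot open log for %s", arg);
    return (size_t)n;
}

/* Hardened pattern: reject negative or truncated results before any copy.
 * Returns bytes copied into out (excluding NUL), or -1 if rejected. */
int build_error(char *out, size_t out_cap, const char *arg)
{
    char msg[64];
    int n = legacy_snprintf(msg, sizeof msg, "cannot open log for %s", arg);
    if (n < 0 || (size_t)n >= out_cap)
        return -1;
    memcpy(out, msg, (size_t)n + 1);   /* bounded length, includes NUL */
    return n;
}

int main(void)
{
    char out[64], longarg[200];
    memset(longarg, 'A', sizeof longarg - 1);   /* constructed oversized input */
    longarg[sizeof longarg - 1] = '\0';
    printf("short: unchecked=%zu hardened=%d\n",
           unchecked_copy_len("igs1"), build_error(out, sizeof out, "igs1"));
    printf("long:  unchecked=%zu hardened=%d\n",
           unchecked_copy_len(longarg), build_error(out, sizeof out, longarg));
    return 0;
}
```

When auditing similar code, look for any snprintf-family return value that reaches a length parameter without a preceding `< 0` and upper-bound check.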

Fix


Related identifiers

CVE-2006-4133

Affected products

SAP Internet Graphics Server