This latest blog post, Context’s Michael Jordan details a vulnerability that was found in SAP’s Host Control service. The vulnerability allows for 100% reliable full code execution as the SAP administrator from an unauthenticated perspective. This vulnerability was patched in May 2012 and at the request of SAP, Context have delayed the publication of the details by 3 months. As we believe the vulnerability and the technique used to exploit it are technically interesting, we thought we would go into more depth than a typical advisory normally would.
Read the detailed blog post here.