Secunia Research has discovered a security issue in SAP GUI, which can be exploited by malicious people to gain knowledge of sensitive information, corrupt files, or compromise a user’s system. The problem is that the bundled KWEdit ActiveX control (KWEDIT.DLL) provides the insecure method “SaveDocumentAs()”, which saves an HTML document to a specified location. This can be exploited in combination with, for example, the “OpenDocument()” method to disclose the contents of files or to execute arbitrary code on a user’s system. SAP GUI versions 6.40 Patch 29 and 7.10 Patch 5 are affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76690/secunia-sapguisda.txt
Source: https://packetstormsecurity.com/files/76690/SAP-GUI-KWEdit-ActiveX-Control-SaveDocumentAs-Insecure-Method.html

