SAP NetWeaver Composition Environment sapstartsrv.exe: Remote Code Execution Vulnerability

Users of SAP NetWeaver Composition Environment sapstartsrv.exe please be advised of a Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

ZDI-10-236: [ZDI-10-236] SAP NetWeaver Composition Environment sapstartsrv.exe Remote Code Execution Vulnerabili

— Affected Products:
SAP NetWeaver
— Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of SAP NetWeaver Composition Environment.
Authentication is not required to exploit this vulnerability.

The specific flaw exists within the sapstartsrv.exe process which
listens by default on ports 50013 and 50113. A malformed SOAP request
(via POST) can be used to reach an unbounded copy loop which results in
attacker-supplied data being written into existing function pointers. It
is possible for a remote attacker to leverage this vulnerability to
execute arbitrary code.