Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1390941-5)
Описание
1. The PC on which the BEx Web Application Designer 3.x (WAD 3.x) is installed has the operating system Windows 2000, Windows Server 2003, or Windows XP (refer to the platform validity: http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx).
http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx">http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx).
/> 2. The security update for Windows XP (KB956844) was implemented.
3. When you edit data in the Web Application Designer 3.x, a META tag is inserted into the template. This tag declares the source text as Unicode: <META http-equiv=Content-Type content="text/html; charset=unicode">
Furthermore, you can change or delete customer-specific HTML code of the template. For further information, see Microsoft KB956844, section "More Information".
http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx">http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx).
/> 2. The security update for Windows XP (KB956844) was implemented.
3. When you edit data in the Web Application Designer 3.x, a META tag is inserted into the template. This tag declares the source text as Unicode: <META http-equiv=Content-Type content="text/html; charset=unicode">
Furthermore, you can change or delete customer-specific HTML code of the template. For further information, see Microsoft KB956844, section "More Information".
Как исправить
We urgently recommend that you use the WAD 3.X on the operating system Windows Vista. (Under Vista, the DHTML control of the WAD is not affected by any MS security updates).
Refer to Note 1050174 (this is also valid for the WAD 3.X) for information about the installation of dhtmled.msi.
Go to http://support.microsoft.com/kb/956844 where Microsoft explains the changed behavior of the DHTML control used in the WAD. Due to the changes described, we advise against using the WAD 3.X for editing Web templates after the MS security update mentioned above has been implemented on the PC.
Note that you can use the Microsoft Patch to change or delete customer-specific HTML template code. If KB956844 exists in your system, create backup copies of the Web templates before you edit them using the WAD 3.x to ensure that your Web templates are not destroyed (via transaction SE38: RS_TEMPLATE_MAINTAIN).
You can remove the Unicode meta tag in the Web template manually (via transaction SE38: RS_TEMPLATE_MAINTAIN).
This procedure corrects the display of incomprehensible characters (Mojibake), provided no more HTML code has been changed or deleted due to the security update.
Refer to Note 1050174 (this is also valid for the WAD 3.X) for information about the installation of dhtmled.msi.
Go to http://support.microsoft.com/kb/956844 where Microsoft explains the changed behavior of the DHTML control used in the WAD. Due to the changes described, we advise against using the WAD 3.X for editing Web templates after the MS security update mentioned above has been implemented on the PC.
Note that you can use the Microsoft Patch to change or delete customer-specific HTML template code. If KB956844 exists in your system, create backup copies of the Web templates before you edit them using the WAD 3.x to ensure that your Web templates are not destroyed (via transaction SE38: RS_TEMPLATE_MAINTAIN).
You can remove the Unicode meta tag in the Web template manually (via transaction SE38: RS_TEMPLATE_MAINTAIN).
This procedure corrects the display of incomprehensible characters (Mojibake), provided no more HTML code has been changed or deleted due to the security update.
Ссылки