Heap-based Buffer Overflow in SAP Crystal Reports ActiveX Control
CVE-2010-2590
Currently unrated
Summary
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 contains a vulnerability in the CrystalPrintControl ActiveX control, specifically in PrintControl.dll version 12.3.2.753. A remote attacker can trigger a heap-based buffer overflow by supplying an overly long value to the ServerResourceVersion property. Successful exploitation could lead to arbitrary code execution on the affected system, compromising confidentiality and integrity.
EPSS Score
52% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved