Heap-based Buffer Overflow in SAP Crystal Reports ActiveX Control
CVE-2010-2590

Currently unrated

Key Information:

Vendor

SAP
Status
Crystal Reports
Vendor
CVE Published:
22 December 2010

What is CVE-2010-2590?

The SAP Crystal Reports 2008 SP3 Fix Pack 3.2 contains a vulnerability in the CrystalPrintControl ActiveX control, specifically in PrintControl.dll version 12.3.2.753. This flaw allows remote attackers to exploit a heap-based buffer overflow by supplying an overly long value to the ServerResourceVersion property. Successful exploitation could lead to arbitrary code execution on the affected system, compromising confidentiality and integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://service.sap.com/sap/support/notes/1539269
x_refsource_MISC
http://www.exploit-db.com/exploits/15733
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/45387
vdb-entryx_refsource_BID

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.