Integer Overflow Vulnerability in SAP Crystal Reports 2008
CVE-2010-3032
Currently unrated
Summary
An integer overflow vulnerability exists in the OBGIOPServerWorker::extractHeader function in ebus-3-3-2-6.dll of SAP Crystal Reports 2008. A remote attacker can send a crafted GIOP packet with a size that triggers a heap-based buffer overflow, which can crash the process (denial of service) and may allow arbitrary code execution.
EPSS Score
25% chance of being exploited in the next 30 days.