CVE-2010-3032

Currently unrated

Key Information:

Vendor: SAP
Status: Crystal Reports
Vendor: CVE Published:; 17 August 2010

Summary

Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.

References

http://www.vupen.com/english/advisories/2010/2074

vdb-entryx_refsource_VUPEN

http://dvlabs.tippingpoint.com/advisory/TPTI-10-07

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/61065

vdb-entryx_refsource_XF

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 17, 2010
Vulnerability Reserved
Aug 17, 2010