Vulnerability in SAP Crystal Reports
CVE-2010-3032
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packe…
EPSS: 0.256 (96.3rd percentile)
Affected products
- SAP Crystal Reports — versions 2008
Weakness classification (CWE)
References
- ADV-2010-2074 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- cve@mitre.org (x_refsource_MISC)
- sap-crystal-giop-bo(61065) (vdb-entry, x_refsource_XF)
- 20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 40960 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- 42374 (vdb-entry, x_refsource_BID)
- 20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 1024334 (vdb-entry, x_refsource_SECTRACK)