Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.
BusinessObjects 'RptViewerAX' is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.Attackers can exploit this issue to execute arbitrary code in the context of an application using the affected control (typically Internet Explorer). Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
The vendor released hotfix CHF74 to address this issue. Please see the references for information on how to obtain and apply this fix.
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.