CVE-2010-3032 - Numeric Errors vulnerability in SAP Crystal Reports 2008
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-10-07
- http://osvdb.org/67080
- http://secunia.com/advisories/40960
- http://www.securityfocus.com/archive/1/513023/100/0/threaded
- http://www.securityfocus.com/archive/1/513024/100/0/threaded
- http://www.securityfocus.com/archive/1/513103/100/0/threaded
- http://www.securityfocus.com/bid/42374
- http://www.securitytracker.com/id?1024334
- http://www.vupen.com/english/advisories/2010/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61065
- https://service.sap.com/sap/support/notes/1473327