CVE-2010-3032

2010-08-17 22:00:04 2018-10-10 22:00:51

Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Sap Crystal reports 2008 (not an official CPE)

Sap - Crystal reports

Advisory	Patch	Confirmed	Link
			sap-crystal-giop-bo(61065)
			https://service.sap.com/sap/support/notes/1473327
			ADV-2010-2074
			1024334
			42374
			20100813 Re: Correction to: ZDI-10-151: SAP Crystal Repo...
			20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Messa...
			20100811 RE: Correction to: ZDI-10-151: SAP Crystal Repo...
			http://dvlabs.tippingpoint.com/advisory/TPTI-10-07

CVE-2010-3032

2010-08-17 22:00:04 2018-10-10 22:00:51

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)