CVEブラウザに戻る

CVE-2010-3032

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0410%

EPSS Percentile37.29th

Published2010年8月17日

Last Modified2026年4月29日

Vulnerability Description

Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.

Affected Platforms (CPE)

📦

Sap

Crystal Reports

= 2008

References & Advisories

🔗 http://dvlabs.tippingpoint.com/advisory/TPTI-10-07

🔗 http://osvdb.org/67080

🔗 http://secunia.com/advisories/40960

🔗 http://www.securityfocus.com/archive/1/513023/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/513024/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/513103/100/0/threaded

🔗 http://www.securityfocus.com/bid/42374

🔗 http://www.securitytracker.com/id?1024334

関連する脆弱性情報

CVE-2009-334610.0

Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2009-334510.0

Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain ...

CVE-2019-02859.8

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database informat...

CVE-2020-268319.6

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities d...