cpe:/a:sap:crystal_reports:2008 CVE-2010-3032 2010-08-17T16:00:04.797-04:00 2017-08-16T21:32:53.947-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-08-18T18:44:00.000-04:00 SECTRACK 1024334 BUGTRAQ 20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability BUGTRAQ 20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability BUGTRAQ 20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability SECUNIA 40960 BID 42374 OSVDB 67080 VUPEN ADV-2010-2074 MISC http://dvlabs.tippingpoint.com/advisory/TPTI-10-07 MISC https://service.sap.com/sap/support/notes/1473327 XF sap-crystal-giop-bo(61065) Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.