Lucene search

[email protected]CVE-2010-2590

HistoryDec 22, 2010 - 3:00 a.m.

CVE-2010-2590

2010-12-2203:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-2590

sap crystal reports

buffer overflow

security vulnerability

remote code execution

nvd

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.908 High

EPSS

Percentile

98.8%

JSON

Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.

CPENameOperatorVersion
sap:crystal_reportssap crystal reportseq2008

CPE	Name	Operator	Version
sap:crystal_reports	sap crystal reports	eq	2008

References

pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html

secunia.com/advisories/42305

secunia.com/secunia_research/2010-135/

www.exploit-db.com/exploits/15733

www.osvdb.org/69917

www.securityfocus.com/archive/1/515369/100/0/threaded

www.securityfocus.com/bid/45387

www.securitytracker.com/id?1024915

service.sap.com/sap/support/notes/1539269

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.908 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2010-2590

saint4 securityvulns2 prion1 packetstorm1 openvas2 checkpoint_advisories1