Added: 12/22/2010
CVE: CVE-2010-2590
BID: 45387
OSVDB: 69917
SAP Crystal Reports allows developers to design interactive reports from virtually any data source.
A buffer overflow vulnerability in the PrintControl.dll ActiveX control allows command execution when a user loads a web page which invokes the control with a specially crafted ServerResourceVersion property.
See the SAP advisory for fix information, or set the kill bit on Class ID 88dd90b6-c770-4cff-b7a4-3afd16bb8824 as described in Microsoft Knowledge Base Article 240797.
<http://secunia.com/secunia_research/2010-135/>
Exploit works on SAP Crystal Reports 2008 (PrintControl.dll version 12.0.0.683) and requires a user to load the exploit page in Internet Explorer 7.
Due to the nature of the vulnerability, the success of the exploit may depend on the state of the target system.
Windows XP