{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-2074", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2074" }, { "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07" }, { "name": "sap-crystal-giop-bo(61065)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065" }, { "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded" }, { "name": "40960", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40960" }, { "name": "https://service.sap.com/sap/support/notes/1473327", "refsource": "MISC", "url": "https://service.sap.com/sap/support/notes/1473327" }, { "name": "42374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/42374" }, { "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded" }, { "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded" }, { "name": "1024334", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024334" }, { "name": "67080", "refsource": "OSVDB", "url": "http://osvdb.org/67080" } ] } }