CVE-2010-3032

Name of the Vulnerable Software and Affected Versions SAP Crystal Reports 2008

Description The issue is related to an integer overflow in the OBGIOPServerWorker::extractHeader function, located in the ebus-3-3-2-6.dll module. This overflow can be triggered by a GIOP packet with a crafted size, potentially leading to a heap-based buffer overflow. As a result, remote attackers may cause a denial of service, resulting in a crash, and possibly execute arbitrary code.

Recommendations For SAP Crystal Reports 2008, consider restricting access to the OBGIOPServerWorker::extractHeader function until a patch is available. As a temporary workaround, avoid using crafted GIOP packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.