SAP Crystal Reports PrintControl.dll ServerResourceVersion buffer overflow

Added: 12/22/2010
CVE: CVE-2010-2590
BID: 45387
OSVDB: 69917

Background

SAP Crystal Reports allows developers to design interactive reports from virtually any data source.

Problem

A buffer overflow vulnerability in the PrintControl.dll ActiveX control allows command execution when a user loads a web page which invokes the control with a specially crafted ServerResourceVersion property.

Resolution

See the SAP advisory for fix information, or set the kill bit on Class ID 88dd90b6-c770-4cff-b7a4-3afd16bb8824 as described in Microsoft Knowledge Base Article 240797.
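The kill-bit workaround above can be checked and applied from PowerShell. This is an added example, not part of the original advisory or of SAP's or Microsoft's guidance; the registry location and the 0x400 "Compatibility Flags" value are the ones documented in KB 240797, the function names are hypothetical, and applying the change assumes an elevated session.

```powershell
# Added example: audit and set the Internet Explorer kill bit for the
# Class ID named in this advisory (mechanism per Microsoft KB 240797).
$Clsid   = '{88dd90b6-c770-4cff-b7a4-3afd16bb8824}'
$KillBit = 0x400              # "Compatibility Flags" bit that blocks instantiation in IE
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view when it exists (64-bit Windows).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

function Get-KillBitState {
    # Hypothetical helper: reports the current flags for each registry view.
    foreach ($root in $Roots) {
        $key   = Join-Path $root $Clsid
        $flags = 0
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.$Name }
        }
        New-Object PSObject -Property @{
            Key        = $key
            Flags      = $flags
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    # Hypothetical helper: sets the kill bit where it is missing and keeps
    # any other compatibility flags already stored for this Class ID.
    foreach ($state in (Get-KillBitState | Where-Object { -not $_.KillBitSet })) {
        if (-not (Test-Path $state.Key)) { New-Item -Path $state.Key -Force | Out-Null }
        $new = $state.Flags -bor $KillBit
        New-ItemProperty -Path $state.Key -Name $Name -PropertyType DWord `
            -Value $new -Force | Out-Null
    }
}

Get-KillBitState | Format-Table Key, Flags, KillBitSet -AutoSize   # audit only
# Set-KillBit; Get-KillBitState | Format-Table -AutoSize           # apply, then re-check
```

Every row should report KillBitSet as True after the change; a False row on the Wow6432Node key means the 32-bit browser can still load the control.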

References

http://secunia.com/secunia_research/2010-135/

Limitations

Exploit works on SAP Crystal Reports 2008 (PrintControl.dll version 12.0.0.683) and requires a user to load the exploit page in Internet Explorer 7.

Due to the nature of the vulnerability, the success of the exploit may depend on the state of the target system.

Platforms

Windows XP
