CVE-2010-2590 : Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753

Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.

Published 2010-12-22 03:00:03

Updated 2018-10-10 19:59:50

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2010-2590

Probability of exploitation activity in the next 30 days: 90.76%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-2590

Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow

Disclosure Date: 2010-12-14

First seen: 2020-04-26

exploit/windows/browser/crystal_reports_printcontrol

This module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This module has been

More information

CVSS scores for CVE-2010-2590

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-2590

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2590

http://www.securityfocus.com/archive/1/515369/100/0/threaded

SecurityFocus
http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html

pocoftheday
Exploit
http://www.securityfocus.com/bid/45387

SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
Exploit
http://www.securitytracker.com/id?1024915

SAP Crystal Reports Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker
https://service.sap.com/sap/support/notes/1539269
http://www.exploit-db.com/exploits/15733

Crystal Reports Viewer 12.0.0.549 - 'PrintControl.dll' ActiveX - Windows remote Exploit
Exploit

Products affected by CVE-2010-2590

SAP » Crystal Reports » Version: 2008 Update Sp3 Fp3.2
cpe:2.3:a:sap:crystal_reports:2008:sp3_fp3.2:*:*:*:*:*:*
Matching versions