Details of VAR-E-200909-0247

ID

VAR-E-200909-0247

CVE

cve_id:

CVE-2009-3344

Trust: 0.3

sources: BID: 36267

TITLE

SAP Crystal Reports Server Multiple Unspecified Remote Vulnerabilities

Trust: 0.3

sources: BID: 36267

DESCRIPTION

SAP Crystal Reports Server is prone to multiple unspecified remote vulnerabilities, including:
- A denial-of-service vulnerability caused by an infinite loop.
- A heap-based buffer-overflow vulnerability.
- An unspecified remote code-execution vulnerability.
Attackers can exploit these issues to execute code within the context of the affected server and cause denial-of-service conditions.

Trust: 0.3

sources: BID: 36267

AFFECTED PRODUCTS

vendor:

sap

model:

crystal reports server

scope:

version:

20080

Trust: 0.3

sources: BID: 36267

EXPLOIT

A working commercial exploit is available through Intevydis. This exploit is not otherwise publicly available or known to be circulating in the wild.

Trust: 0.3

sources: BID: 36267

PRICE

Free

Trust: 0.3

sources: BID: 36267

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 36267

CREDITS

Intevydis

Trust: 0.3

sources: BID: 36267

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3344	Trust: 0.3
db:	BID	id:	36267	Trust: 0.3

sources: BID: 36267

REFERENCES

url:	http://intevydis.com/company.shtml	Trust: 0.3
url:	http://www.sap.com/solutions/sapbusinessobjects/sme/reporting/crystalreportsserver/index.epx	Trust: 0.3

sources: BID: 36267

SOURCES

db:

BID

id:

36267

LAST UPDATE DATE

2022-07-27T09:25:35.144000+00:00

SOURCES UPDATE DATE

db:

BID

id:

36267

date:

2015-04-13T21:07:00

SOURCES RELEASE DATE

db:

BID

id:

36267

date:

2009-09-03T00:00:00