HTTP: SAP Crystal Reports Server ActiveX Insecure Method Vulnerability

This signature detects attempts to exploit multiple known insecure-method vulnerabilities in the SAP Crystal Reports Server ActiveX control. A remote attacker can exploit them by enticing a target user to open a malicious Web page. A successful attack allows the attacker to execute arbitrary code in the security context of the logged-in user. An unsuccessful attack can cause abnormal termination of the affected browser.

Extended Description

The SAP Crystal Reports Server ActiveX control is prone to multiple insecure-method vulnerabilities. Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible. SAP Crystal Reports Server 2008 is vulnerable.

Affected Products

Sap crystal_reports_server_2008

Short Name: HTTP:STC:ACTIVEX:SAP-CRSTL-RPT
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: ActiveX Crystal Insecure Method Reports SAP Server Vulnerability bid:45977
Release Date: 03/11/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Sap
