SAP Crystal Reports Print ActiveX "PrintControl.dll" Heap Buffer Overflow Vulnerability
21 December 2012
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 126.96.36.1993 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Robert Hansen, Vice President of WhiteHat Security Labs, discusses the evolution of web application security, offers advice on how to improve web application security practices, recommends tools, and more.
While there is an increasing recognition in many organizations that application security is an important piece of the overall puzzle, putting together a comprehensive strategy that will effectively reduce an organizationís risk profile is not easy.
Insiders have been responsible for some interesting breaches or hostage scenarios in recent history, whether intentional or not. So, which is a bigger threat - an external hacker or a disgruntled employee?
Most security interfaces today leave a lot to be desired, and many security pros are gaming enthusiasts, accustomed to a sharp and engaging virtual world. ProtectWise wanted to give them a helpful security tool with an interactive visual dashboard that looks straight out of Call of Duty.