[ERPSCAN-11-002] SAP Crystal Reports 2008 — ActiveX Insecure Methods

DSECRG Advisories

Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://www.sap.com
Exploits: YES
Bugs: Insecure methods
Reported: 09.03.2010
Vendor response: 10.03.2010
Date of SAP Security Note Published: 8.10.2010
Date of Public Advisory: 14.01.2011
Author: Dmitry Chastuhin

Insecure methods were found in the library scriptinghelpers.dll. An attacker could construct an HTML page that calls these insecure functions. The component exposes methods that allow overwriting any file in the OS, running an executable file, killing a process, and deleting a file.

Business Risk
An attacker can send a malicious link to an unaware user via e-mail, messaging or social networks. The attacker can also insert this link into a corporate portal. When the link is clicked, the end user's browser will invoke the vulnerable ActiveX component, which can read, delete, and execute any file and even stop any process. This can be used by an attacker to gain full control of the victim's workstation.
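The standard browser-side mitigation for a control like this is the Internet Explorer "kill bit" (Compatibility Flags value 0x400, documented in Microsoft KB 240797), which stops the control from being instantiated from a web page regardless of whether the DLL stays installed. The script below is an added example, not part of the DSECRG advisory or SAP's guidance: it enumerates registered COM classes whose InprocServer32 points at scriptinghelpers.dll (the only identifier the advisory gives; no CLSID is published, so the CLSIDs are discovered from the registry at run time) and reports whether the kill bit is set for each. It is a read-only check; the commented lines show how an administrator would set the bit.

```powershell
# Added example (not from the advisory): find COM classes backed by
# scriptinghelpers.dll and report whether the IE kill bit is set for them.
# Assumptions: the DLL name comes from the advisory; CLSIDs are discovered
# from HKCR at run time; only the native registry view is inspected.

$dllName     = 'scriptinghelpers.dll'
$killBitFlag = 0x400   # COMPAT_EVIL_DONT_LOAD, see Microsoft KB 240797
$compatRoot  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$results     = @()

foreach ($clsidKey in Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue) {
    # InprocServer32's default value is the path of the in-process server DLL.
    $server = Get-ItemProperty -Path "$($clsidKey.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
    if (-not $server) { continue }
    $serverPath = [string]$server.'(default)'
    if (-not $serverPath -or ($serverPath -notlike "*$dllName*")) { continue }

    $clsid     = $clsidKey.PSChildName
    $compatKey = Join-Path $compatRoot $clsid
    $flags     = (Get-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $killed    = ($null -ne $flags) -and (($flags -band $killBitFlag) -eq $killBitFlag)

    $results += [pscustomobject]@{
        CLSID      = $clsid
        ServerPath = $serverPath
        KillBitSet = $killed
    }

    # To apply the kill bit (requires administrator rights), uncomment:
    # New-Item -Path $compatKey -Force | Out-Null
    # Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -Value $killBitFlag -Type DWord
}

if ($results.Count -eq 0) {
    Write-Output "No COM classes registered from $dllName were found on this host."
} else {
    $results | Format-Table -AutoSize
}
```

On 64-bit Windows the 32-bit control may be registered under the Wow6432Node views of both HKCR\CLSID and the ActiveX Compatibility key; run the check from a 32-bit PowerShell host, or repeat it against those paths, to cover that case. Setting the kill bit only blocks instantiation from Internet Explorer and other hosts that honour it; the insecure methods remain callable by any process that loads the DLL, so applying the vendor's SAP Security Note is still the actual fix.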