Vulnerability Description
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Crystal Reports | - |
References
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/61016
- http://www.securityfocus.com/bid/69557
- http://www.zerodayinitiative.com/advisories/ZDI-14-302/
- https://service.sap.com/sap/support/notes/1999142
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/61016
- http://www.securityfocus.com/bid/69557
- http://www.zerodayinitiative.com/advisories/ZDI-14-302/
- https://service.sap.com/sap/support/notes/1999142
FAQ
What is CVE-2014-5506?
CVE-2014-5506 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
How severe is CVE-2014-5506?
CVE-2014-5506 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5506?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Crystal Reports.