SAP Knowledge Base Article - Preview

1183191 - Error: "buffer overrun...", and "failing to read data from report file...ReportAdd" with RPT files on Enterprise 10, XI, and XI R2


Business Objects has completed the investigation into a public report of a vulnerability. The Crystal Reports Designer was permitting a buffer overflow, which could be exploited by an attacker in order to execute arbitrary code on an affected system. Exploitation requires that the attacker coerce the target user into opening a malicious .RPT file.

When the RPT file was opened in the Designer, the Designer would loop indefinitely, exit without displaying a dialog box, or display the error message:

"buffer overrun... you must terminate the process"

Publishing to BusinessObjects Enterprise, Crystal Enterprise or Crystal Reports Server

The modified RPT file could not be published through the Publishing Wizard, Central Management Console or InfoView because an error message appeared:

"failing to read data from report file... Reason: Unable to launch $(INSTALLDIR)\BusinessObjects Enterprise 11.5\win32_x86\plugins\desktop\CrystalEnterprise.Report\ReportAdd program to add report to the system".

The modified RPT file, when added to a Visual Studio project or loaded in the embedded designer, will cause Visual Studio to exit prematurely. Win32 apps loading up the report either through the viewer or the ReportDocument API will crash. When loaded up by an ASP.NET process (either through the Crystal Reports Webform viewer or by ReportDocument), it will cause the ASP.NET worker process to crash and restart. Repeated attempts to load the report could result in a denial of service of ASP.NET.



Crystal Enterprise 10 ; Crystal Reports Server XI R2 ; Crystal Reports Server XI R2, OEM edition ; SAP BusinessObjects Business Intelligence platform R2 ; SAP BusinessObjects Enterprise XI ; SAP Crystal Reports 10.0 ; SAP Crystal Reports XI ; SAP Crystal Reports XI R2 ; SAP Crystal Reports, version for Visual Studio .NET 2005 ; SAP Crystal Reports, version for Visual Studio .NET 2008 ; SAP Crystal Reports, version for Visual Studio .NET 9.1 ; SAP Crystal Server XI


R2 security , 1410607 , KBA , BI-BIP , Business intelligence platform , Bug Filed
