|CVSS SCORE||10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)|
The flaw exists within the ebus-3-3-2-7.dll component which is used by the crystalras.exe service. This process listens on a random TCP port. When unmarshalling GIOP ORB encapsulated data the process invokes a memcpy constrained by a user controlled value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
SAP has issued an update to correct this vulnerability. More details can be found at: