Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
https://service.sap.com/sap/support/notes/1999142
http://www.zerodayinitiative.com/advisories/ZDI-14-302/
http://www.securityfocus.com/bid/69557