SAP · Business Objects Crystal Reports · CVE-2004-0204
**Name of the Vulnerable Software and Affected Versions**
Business Objects Crystal Reports versions 9 and 10
Crystal Enterprise versions 9 and 10
**Description**
A directory traversal vulnerability exists in the web viewers of the products listed above, allowing remote attackers to read and delete arbitrary files. The attacker supplies ".." sequences in the `dynamicimag` argument to the "crystalimagehandler.aspx" API endpoint.
**Recommendations**
For Business Objects Crystal Reports versions 9 and 10, and Crystal Enterprise versions 9 and 10, consider restricting access to the "crystalimagehandler.aspx" API endpoint until a patch is available.
As a temporary workaround, avoid using the `dynamicimag` argument in the "crystalimagehandler.aspx" API endpoint to minimize the risk of exploitation.
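To check whether the endpoint has already been probed, web server logs can be searched for handler requests whose `dynamicimag` value decodes to a ".." path segment. The following is an added example, not vendor code: it assumes W3C-style logs with a `#Fields:` header, uses a constructed sample log with a hypothetical `/viewer/` path, and matches parameter names by prefix as an assumption to cover spelling variants.

```python
import re
from urllib.parse import unquote

HANDLER = "crystalimagehandler.aspx"
PARAM_PREFIX = "dynamicimag"  # advisory's spelling; prefix match is an assumption

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '..' sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True when the decoded value contains a '..' path segment."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def find_traversal_requests(log_lines):
    """Return (client_ip, status, raw_value) for each suspicious handler request."""
    cols, hits = {}, []
    for line in log_lines:
        if line.startswith("#Fields:"):
            # Map column names to positions so the field order can vary.
            cols = {name: i for i, name in enumerate(line.split()[1:])}
            continue
        fields = line.split()
        if line.startswith("#") or not cols or len(fields) < len(cols):
            continue
        if not fields[cols["cs-uri-stem"]].lower().endswith("/" + HANDLER):
            continue
        for pair in fields[cols["cs-uri-query"]].split("&"):
            name, _, raw = pair.partition("=")
            if fully_decode(name).lower().startswith(PARAM_PREFIX) and has_traversal(raw):
                hits.append((fields[cols["c-ip"]], fields[cols["sc-status"]], raw))
    return hits

# Constructed sample log (documentation-range IPs, placeholder file names).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-06-09 10:00:01 192.0.2.10 GET /viewer/crystalimagehandler.aspx dynamicimag=chart01.png 200
2004-06-09 10:00:07 198.51.100.7 GET /viewer/crystalimagehandler.aspx dynamicimag=..%5C..%5Cplaceholder.txt 200
2004-06-09 10:00:09 198.51.100.7 GET /viewer/CrystalImageHandler.aspx DynamicImag=%252e%252e%252fplaceholder.txt 404
2004-06-09 10:00:12 192.0.2.10 GET /viewer/report.aspx id=..%2F7 200
""".splitlines()

if __name__ == "__main__":
    for ip, status, raw in find_traversal_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {PARAM_PREFIX}={raw}")
```

A hit with a success status deserves follow-up first, since the advisory states the flaw allows both reading and deleting files.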