PT-2006-6769 · Business Objects · Visual Studio Crystal Reports

Published

2006-11-28

Updated

2018-10-17

CVE-2006-6133

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Visual Studio Crystal Reports versions .NET 2002 through 2005 SP1

Description A stack-based buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. This issue affects various versions of Visual Studio Crystal Reports, formerly known as Business Objects Crystal Reports XI Professional.

Recommendations For versions .NET 2002 through 2005 SP1, consider avoiding the use of crafted RPT files until a fix is available. As a temporary workaround, restrict the handling of RPT files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2006-6133

Affected Products

Visual Studio Crystal Reports

PT-2006-6769 · Business Objects · Visual Studio Crystal Reports

CVE-2006-6133

Weakness Enumeration

Related Identifiers

Affected Products

References · 14