Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0379

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0379
Last Modified 05 Sep 2008 05:34:54
Published 22 Jan 2008 03:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0379

Summary

Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.

Vulnerable Systems

Application

  • Businessobjects Crystal Reports Xi R2

  • Microsoft Activex Enterprise Tree Control


References

XF - crystalreports-enterprisetree-bo(39743)

SECTRACK - 1019239

BID - 27333

MILW0RM - 4931


Last Updated: 27 May 2016 10:46:46