CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 2CVE-2008-0379 – Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-0379
22 Jan 2008 — Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. Condición de carrera en el controlador ActiveX(EnterpriseControls.dll 11.5.0.313) en Crystal Reports XI Release 2 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección... • https://www.exploit-db.com/exploits/4931 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 72%CPEs: 7EXPL: 1CVE-2006-6133 – Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6133
28 Nov 2006 — Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. Desbordamiento de búfer basado en pila en Visual Studio Crystal Reports para Microsoft Visual Studio .NET 2002 y 2002 SP1; .NET 2003 y 2003 SP1; y 2005 y 2005 SP1 (anteriormente Business Objects Crystal Re... • https://www.exploit-db.com/exploits/29171 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2005-4813
https://notcve.org/view.php?id=CVE-2005-4813
31 Dec 2005 — Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. • http://secunia.com/advisories/16282 •