CVSS: 9.3EPSS: 14%CPEs: 1EXPL: 2CVE-2008-0379 – Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-0379
22 Jan 2008 — Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. Condición de carrera en el controlador ActiveX(EnterpriseControls.dll 11.5.0.313) en Crystal Reports XI Release 2 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección... • https://www.exploit-db.com/exploits/4931 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •