CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 2CVE-2008-0379 – Crystal Reports XI Release 2 (Enterprise Tree Control) - ActiveX Buffer Overflow (Denial of Service) (PoC)
https://notcve.org/view.php?id=CVE-2008-0379
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. Condición de carrera en el controlador ActiveX(EnterpriseControls.dll 11.5.0.313) en Crystal Reports XI Release 2 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su elección a través del método SelectedSession, el cual dispara un desbordamiento de búfer. • https://www.exploit-db.com/exploits/4931 http://www.securityfocus.com/bid/27333 http://www.securitytracker.com/id?1019239 https://exchange.xforce.ibmcloud.com/vulnerabilities/39743 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •