CVE-2006-6133
Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow
- Severity Score: 7.6 (CVSS v2)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
Credits: N/A
Timeline
- 2006-11-23 First Exploit
- 2006-11-27 CVE Reserved
- 2006-11-28 CVE Published
- 2024-04-22 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (13)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id?1017279 | Vdb Entry | |
http://www.lssec.com/advisories/LS-20061102.pdf | X_refsource_misc | |
http://www.securityfocus.com/archive/1/452464/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/21261 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA07-254A.html | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30532 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055 | Signature | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/29171 | 2006-11-23 | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/23091 | 2018-10-17 | |
http://secunia.com/advisories/26754 | 2018-10-17 | |
http://www.vupen.com/english/advisories/2006/4691 | 2018-10-17 | |
http://www.vupen.com/english/advisories/2007/3114 | 2018-10-17 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052 | 2018-10-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Businessobjects | Crystal Reports Xi | * | professional | Affected |
Microsoft | Visual Studio .net | 2002 | - | Affected |
Microsoft | Visual Studio .net | 2002 | sp1 | Affected |
Microsoft | Visual Studio .net | 2003 | - | Affected |
Microsoft | Visual Studio .net | 2003 | sp1 | Affected |
Microsoft | Visual Studio .net | 2005 | - | Affected |
Microsoft | Visual Studio .net | 2005 | sp1 | Affected |