Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:6968
HistoryOct 11, 2004 - 12:00 a.m.

[SA12772] Crystal Reports JPEG Processing Buffer Overflow Vulnerability

2004-10-1100:00:00
vulners.com
8
JSON

TITLE:
Crystal Reports JPEG Processing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA12772

VERIFY ADVISORY:
http://secunia.com/advisories/12772/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Crystal Reports 9
http://secunia.com/product/2254/
Crystal Reports 10
http://secunia.com/product/3551/
Crystal Enterprise 9
http://secunia.com/product/3552/
Crystal Enterprise 10
http://secunia.com/product/3553/

DESCRIPTION:
BusinessObjects has acknowledged a vulnerability in Crystal Reports,
which can be exploited by malicious people to compromise a user's
system.

For more information:
SA12528

SOLUTION:
Apply patches.

Crystal Reports 10 and Crystal Enterprise 10:
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_gdiplus_critical_update.zip

An updated copy of the "ActiveXViewer.cab" file for runtime
environments or third party applications using the ActiveX viewer but
not having Crystal Reports 10 or Crystal Enterprise 10 installed is
available at:
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ActiveXViewer_gdiplus_critical_update.zip

Crystal Reports 9 and Crystal Enterprise 9:
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_gdiplus_critical_update.zip

Updated merge modules:
http://support.businessobjects.com/mergemodules

ORIGINAL ADVISORY:
http://support.businessobjects.com/library/kbase/articles/c2016358.asp

OTHER REFERENCES:
SA12528:
http://secunia.com/advisories/12528/

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

JSON