TITLE:
Crystal Reports JPEG Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA12772
VERIFY ADVISORY:
http://secunia.com/advisories/12772/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Crystal Reports 9
http://secunia.com/product/2254/
Crystal Reports 10
http://secunia.com/product/3551/
Crystal Enterprise 9
http://secunia.com/product/3552/
Crystal Enterprise 10
http://secunia.com/product/3553/
DESCRIPTION:
BusinessObjects has acknowledged a vulnerability in Crystal Reports,
which can be exploited by malicious people to compromise a user's
system.
For more information:
SA12528
SOLUTION:
Apply patches.
Crystal Reports 10 and Crystal Enterprise 10:
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_gdiplus_critical_update.zip
For runtime environments or third-party applications that use the
ActiveX viewer without Crystal Reports 10 or Crystal Enterprise 10
installed, an updated copy of the "ActiveXViewer.cab" file is
available at:
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ActiveXViewer_gdiplus_critical_update.zip
Crystal Reports 9 and Crystal Enterprise 9:
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_gdiplus_critical_update.zip
Updated merge modules:
http://support.businessobjects.com/mergemodules
ORIGINAL ADVISORY:
http://support.businessobjects.com/library/kbase/articles/c2016358.asp
OTHER REFERENCES:
SA12528:
http://secunia.com/advisories/12528/
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches, only
to use those supplied by the vendor.