Description
This indicates an attempt to exploit an input validation vulnerability in Business Objects' Crystal Reports.
Crystal Reports is a reporting and data presentation solution from Business Objects. The web presentation component renders the requested report into HTML documents that are delivered to the end user through a web server. A directory traversal vulnerability in the software reportedly allows an attacker to retrieve and delete files, which can lead to information disclosure and denial of service.
Impact
Information disclosure or Denial of Service.
Affected Products
Crystal Reports and Enterprise versions 9 and 10 are vulnerable.
Aliases
CrystalReports.Path.Traversal
References
http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx
http://www.securityfocus.com/bid/10260
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0204
Recommended Actions
Apply the appropriate patch or upgrade the system to the latest non-vulnerable version.