Vulnerability Name: CVE-2006-6133 (CCN-30532)
Assigned: 2006-11-23
Published: 2006-11-23
Updated: 2018-10-17
Summary: Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
CVSS v3 Severity:
9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: BugTraq Mailing List, Thu Nov 23 2006 - 11:27:46 CST LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability
Source: MITRE Type: CNA CVE-2006-6133
Source: CCN Type: HP Security Bulletin HPSBST02260 SSRT071471 Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-051 to MS07-054
Source: CCN Type: SA23091 Crystal Reports RPT Processing Buffer Overflow Vulnerability
Source: SECUNIA Type: Vendor Advisory 23091
Source: CCN Type: SA26754 Visual Studio Crystal Reports RPT Processing Buffer Overflow
Source: SECUNIA Type: Vendor Advisory 26754
Source: CCN Type: SECTRACK ID: 1017279 Crystal Reports Report File Stack Overflow Lets Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1017279
Source: CCN Type: ASA-2007-377 MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Source: CCN Type: BusinessObjects KBase Article ID: 1410607 KBase Article ID:1410607
Source: CCN Type: LS-20061102 Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability
Source: MISC Type: UNKNOWN http://www.lssec.com/advisories/LS-20061102.pdf
Source: CCN Type: Microsoft Security Bulletin MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Source: BUGTRAQ Type: UNKNOWN 20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability
Source: BID Type: UNKNOWN 21261
Source: CCN Type: BID-21261 Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
Source: CERT Type: US Government Resource TA07-254A
Source: VUPEN Type: Vendor Advisory ADV-2006-4691
Source: VUPEN Type: Vendor Advisory ADV-2007-3114
Source: MS Type: UNKNOWN MS07-052
Source: XF Type: UNKNOWN crystalreports-rpt-bo(30532)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:2055
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable