Summary
A directory traversal vulnerability exists in Crystal Reports and Crystal Enterprise from Business Objects that could allow Information Disclosure and Denial of Service attacks on an affected system. An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web interface on an affected system.
Solution
Microsoft has released a patch to fix this issue. Download it from the following website: http://www.microsoft.com/technet/security/bulletin/ms04-017.mspx
Visual Studio .NET 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=659CA40E-808D-431D-A7D3-33BC3ACE922D&displaylang=en
Outlook 2003 with Business Contact Manager:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9016B9F3-BA86-4A95-9D89-E120EF2E85E3&displaylang=en
Microsoft Business Solutions CRM 1.2:
http://go.microsoft.com/fwlink/?LinkId=30127
Severity
Classification
- CVE: CVE-2004-0204
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)