Summary
A directory traversal vulnerability exists in Crystal Reports and Crystal Enterprise from Business Objects that could allow Information Disclosure and Denial of Service attacks on an affected system. An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web interface on an affected system.
Solution
Microsoft has released a patch to fix this issue. Download it from the following website: http://www.microsoft.com/technet/security/bulletin/ms04-017.mspx
Visual Studio .NET 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=659CA40E-808D-431D-A7D3-33BC3ACE922D&displaylang=en
Outlook 2003 with Business Contact Manager:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9016B9F3-BA86-4A95-9D89-E120EF2E85E3&displaylang=en
Microsoft Business Solutions CRM 1.2:
http://go.microsoft.com/fwlink/?LinkId=30127
Severity
Classification
- CVE: CVE-2004-0204
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (953838)
- IE 5.01 5.5 6.0 Cumulative patch (890923)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- Microsoft Groove Remote Code Execution Vulnerability (2494047)