CVE-2006-6133

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securitytracker.com/id?1017279
http://secunia.com/advisories/23091	Vendor Advisory
http://www.securityfocus.com/bid/21261
http://www.lssec.com/advisories/LS-20061102.pdf
http://www.us-cert.gov/cas/techalerts/TA07-254A.html	US Government Resource
http://secunia.com/advisories/26754	Vendor Advisory
http://www.vupen.com/english/advisories/2007/3114	Vendor Advisory
http://www.vupen.com/english/advisories/2006/4691	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052
http://www.securityfocus.com/archive/1/452464/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1::::::
	cpe:2.3:a:businessobjects:crystal_reports_xi:::professional:::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2002:::::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1::::::
	cpe:2.3:a:microsoft:visual_studio_.net:2003:::::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1::::::
	cpe:2.3:a:microsoft:visual_studio_.net:2005:::::::*

Information

Published : 2006-11-27 17:07

Updated : 2018-10-17 14:46

NVD link : CVE-2006-6133

Mitre link : CVE-2006-6133

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

businessobjects

crystal_reports_xi

microsoft

visual_studio_.net

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://securitytracker.com/id?1017279", "name": "1017279", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/23091", "name": "23091", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/21261", "name": "21261", "tags": [], "refsource": "BID"}, {"url": "http://www.lssec.com/advisories/LS-20061102.pdf", "name": "http://www.lssec.com/advisories/LS-20061102.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html", "name": "TA07-254A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://secunia.com/advisories/26754", "name": "26754", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/3114", "name": "ADV-2007-3114", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4691", "name": "ADV-2006-4691", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30532", "name": "crystalreports-rpt-bo(30532)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055", "name": "oval:org.mitre.oval:def:2055", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052", "name": "MS07-052", "tags": [], "refsource": "MS"}, {"url": "http://www.securityfocus.com/archive/1/452464/100/0/threaded", "name": "20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6133", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-11-28T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_reports_xi:*:*:professional:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:46Z"}