Korean
<< Back
VID 26299
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The hotfix (MS07-052, 941522) for 'Vulnerability in Crystal Reports for Visual Studio' has not been applied. Crystal Reports for Visual Studio is vulnerable to a stack-based buffer overflow vulnerability, caused by improper handling of malformed RPT files. An attacker could exploit this vulnerability by sending an affected user a malformed RPT file as an e-mail attachment, or hosting the file on a malicious or compromised Web site.

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx
http://www.lssec.com/advisories/LS-20061102.pdf
http://www.frsirt.com/english/advisories/2007/3114
http://www.us-cert.gov/cas/techalerts/TA07-254A.html
http://secunia.com/advisories/26754

* Platforms Affected:
Business Objects, Crystal Reports XI Professional
Microsoft Visual Studio .NET 2002 SP1
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio .NET 2003 SP1
Microsoft Visual Studio .NET 2005
Microsoft Visual Studio .NET 2005 SP1
Microsoft Windows Any version
Recommendation Apply the appropriate patch (941522) for your system, as listed in Microsoft Security Bulletin MS07-052 at http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx

-- OR --

Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL CVE-2007-3040 (CVE)
Related URL 25566 (SecurityFocus)
Related URL 35752,35753 (ISS)