VID |
26299 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The hotfix (MS07-052, 941522) for 'Vulnerability in Crystal Reports for Visual Studio' has not been applied. Crystal Reports for Visual Studio is vulnerable to a stack-based buffer overflow vulnerability, caused by improper handling of malformed RPT files. An attacker could exploit this vulnerability by sending an affected user a malformed RPT file as an e-mail attachment, or hosting the file on a malicious or compromised Web site.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx http://www.lssec.com/advisories/LS-20061102.pdf http://www.frsirt.com/english/advisories/2007/3114 http://www.us-cert.gov/cas/techalerts/TA07-254A.html http://secunia.com/advisories/26754
* Platforms Affected: Business Objects, Crystal Reports XI Professional Microsoft Visual Studio .NET 2002 SP1 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2005 Microsoft Visual Studio .NET 2005 SP1 Microsoft Windows Any version |
Recommendation |
Apply the appropriate patch (941522) for your system, as listed in Microsoft Security Bulletin MS07-052 at http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
Related URL |
CVE-2007-3040 (CVE) |
Related URL |
25566 (SecurityFocus) |
Related URL |
35752,35753 (ISS) |
|