Vulnerability CVE-2004-0204


Published: 2004-08-06   Modified: 2012-02-12

Description:
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Microsoft -> Business solutions crm 
Microsoft -> Outlook 
Microsoft -> Visual studio .net 
Businessobjects -> Crystal enterprise 
Businessobjects -> Crystal enterprise java sdk 
Businessobjects -> Crystal enterprise ras 
Businessobjects -> Crystal reports 
Borland software -> J builder 
BEA -> Weblogic server 

 References:
http://marc.info/?l=bugtraq&m=108360413811017&w=2
http://marc.info/?l=bugtraq&m=108671836127360&w=2
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
http://www.securityfocus.com/bid/10260
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
