Vulnerability CVE-2004-0204


Published: 2004-08-06   Modified: 2012-02-12

Description:
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Type: CWE-Other

Vendor: Businessobjects
Product: Crystal reports 
Version: 9; 10;
Product: Crystal enterprise 
Version: 9; 10;
Product: Crystal enterprise ras 
Version: 8.5;
Product: Crystal enterprise java sdk 
Version: 8.5;
Vendor: BEA
Product: Weblogic server 
Version: 8.1;
Vendor: Microsoft
Product: Outlook 
Version: 2003;
Product: Visual studio .net 
Version: 2003;
Product: Business solutions crm 
Version: 1.2;
Vendor: Borland software
Product: J builder 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

 References:
http://marc.info/?l=bugtraq&m=108360413811017&w=2
http://marc.info/?l=bugtraq&m=108671836127360&w=2
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
http://www.securityfocus.com/bid/10260
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

Related CVE
CVE-2007-5243
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attac...
CVE-2007-5244
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_fil...
CVE-2007-3566
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
CVE-2006-6201
Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, relat...
CVE-2006-0634
Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by conte...
CVE-2004-2121
Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.
CVE-2004-2043
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated u...
CVE-2004-1833
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.

Copyright 2019, cxsecurity.com