CVE-2006-6133

Businessobjects Crystal Reports XI - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by LSsec.com · textremotewindows

https://www.exploit-db.com/exploits/29171

View Code ZIP pw:eip

References (12)

[Vendor Advisory] http://secunia.com/advisories/23091

[Vendor Advisory] http://secunia.com/advisories/26754

[Various Sources] http://www.lssec.com/advisories/LS-20061102.pdf

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-254A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/4691

[Vendor Advisory] http://www.vupen.com/english/advisories/2007/3114

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30532

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/452464/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21261

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017279

Scores

EPSS 0.7194

EPSS Percentile 98.8%

Details

CWE

CWE-119

Status published

Products (4)

businessobjects/crystal_reports_xi

microsoft/visual_studio_.net 2002 (2 CPE variants)

microsoft/visual_studio_.net 2003 (2 CPE variants)

microsoft/visual_studio_.net 2005 (2 CPE variants)

Published Nov 28, 2006

Tracked Since Feb 18, 2026