OpenCVE

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Businessobjects	Crystal Reports Xi
Microsoft	Visual Studio .net

Configuration 1 [-]

OR	cpe:2.3:a:businessobjects:crystal_reports_xi:::professional:::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2002:::::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1::::::
	cpe:2.3:a:microsoft:visual_studio_.net:2003:::::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1::::::
	cpe:2.3:a:microsoft:visual_studio_.net:2005:::::::*
	cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1::::::

No data.

References

Link	Providers
http://secunia.com/advisories/23091
http://secunia.com/advisories/26754
http://securitytracker.com/id?1017279
http://www.lssec.com/advisories/LS-20061102.pdf
http://www.securityfocus.com/archive/1/452464/100/0/threaded
http://www.securityfocus.com/bid/21261
http://www.us-cert.gov/cas/techalerts/TA07-254A.html
http://www.vupen.com/english/advisories/2006/4691
http://www.vupen.com/english/advisories/2007/3114
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/30532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-28T01:00:00

Updated: 2024-08-07T20:19:33.916Z

Reserved: 2006-11-27T00:00:00

Link: CVE-2006-6133

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-28T01:07:00.000

Modified: 2024-11-21T00:21:55.517

Link: CVE-2006-6133

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017279", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017279"}, {"name": "ADV-2007-3114", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3114"}, {"name": "crystalreports-rpt-bo(30532)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30532"}, {"name": "oval:org.mitre.oval:def:2055", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055"}, {"name": "MS07-052", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052"}, {"name": "26754", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26754"}, {"name": "23091", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23091"}, {"name": "ADV-2006-4691", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4691"}, {"name": "TA07-254A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"}, {"name": "21261", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21261"}, {"tags": ["x_refsource_MISC"], "url": "http://www.lssec.com/advisories/LS-20061102.pdf"}, {"name": "20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452464/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017279", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017279"}, {"name": "ADV-2007-3114", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3114"}, {"name": "crystalreports-rpt-bo(30532)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30532"}, {"name": "oval:org.mitre.oval:def:2055", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055"}, {"name": "MS07-052", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052"}, {"name": "26754", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26754"}, {"name": "23091", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23091"}, {"name": "ADV-2006-4691", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4691"}, {"name": "TA07-254A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"}, {"name": "21261", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21261"}, {"name": "http://www.lssec.com/advisories/LS-20061102.pdf", "refsource": "MISC", "url": "http://www.lssec.com/advisories/LS-20061102.pdf"}, {"name": "20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452464/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:33.916Z"}, "title": "CVE Program Container", "references": [{"name": "1017279", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017279"}, {"name": "ADV-2007-3114", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3114"}, {"name": "crystalreports-rpt-bo(30532)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30532"}, {"name": "oval:org.mitre.oval:def:2055", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055"}, {"name": "MS07-052", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052"}, {"name": "26754", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26754"}, {"name": "23091", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23091"}, {"name": "ADV-2006-4691", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4691"}, {"name": "TA07-254A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"}, {"name": "21261", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21261"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.lssec.com/advisories/LS-20061102.pdf"}, {"name": "20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452464/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6133", "datePublished": "2006-11-28T01:00:00", "dateReserved": "2006-11-27T00:00:00", "dateUpdated": "2024-08-07T20:19:33.916Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:businessobjects:crystal_reports_xi:*:*:professional:*:*:*:*:*", "matchCriteriaId": "D3E8303D-8050-4CD7-A993-6C96026FFC60", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:*:*:*:*:*:*:*", "matchCriteriaId": "8512201F-9350-4892-A20F-80A2C38A530F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*", "matchCriteriaId": "747E3E3A-85C1-4E55-B7F8-C5207F247498", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:*:*:*:*:*:*:*", "matchCriteriaId": "F30DA411-416C-45C3-B2A2-E4F3ED7C8F42", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*", "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*", "matchCriteriaId": "EBED7535-0091-4B27-B261-384CEADFE362", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*", "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Visual Studio Crystal Reports para Microsoft Visual Studio .NET 2002 y 2002 SP1; .NET 2003 y 2003 SP1; y 2005 y 2005 SP1 (anteriormente Business Objects Crystal Reports XI Professional) permite a atacantes remotos con la ayuda del usuario, ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero RPT manipulado."}], "id": "CVE-2006-6133", "lastModified": "2024-11-21T00:21:55.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-11-28T01:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23091"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26754"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017279"}, {"source": "cve@mitre.org", "url": "http://www.lssec.com/advisories/LS-20061102.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452464/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21261"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/4691"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3114"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30532"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lssec.com/advisories/LS-20061102.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452464/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-254A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/4691"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}