Lucene search

[email protected]CVE-2008-0379

HistoryJan 22, 2008 - 8:00 p.m.

CVE-2008-0379

2008-01-2220:00:00

CWE-362

CWE-120

[email protected]

web.nvd.nist.gov

cve

2008

0379

race condition

enterprise tree

activex control

crystal reports xi

remote attackers

denial of service

crash

arbitrary code

buffer overflow

nvd

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.7%

JSON

Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.

Affected configurations

NVD

Node

businessobjectscrystal_reports_xiMatchr2

CPENameOperatorVersion
businessobjects:crystal_reports_xibusinessobjects crystal reports xieqr2

CPE	Name	Operator	Version
businessobjects:crystal_reports_xi	businessobjects crystal reports xi	eq	r2

References

www.securityfocus.com/bid/27333

www.securitytracker.com/id?1019239

exchange.xforce.ibmcloud.com/vulnerabilities/39743

www.exploit-db.com/exploits/4931

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2008-0379

nvd1 cvelist1 prion1