Crystal Reports 'EnterpriseControls.dll' ActiveX控件缓冲区溢出漏洞

BUGTRAQ ID: 27333 CNCAN ID:CNCAN-2008012103 Crystal Reports XI是一款用于专业数据报表应用程序。 Crystal Reports XI包含的ActiveX控件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于"SelectedSession"方法中，在初始化这个组件中，在线程中存在竞争条件错误，同组件的4字节会被EIP覆盖，精心构建4字节数据，可能以应用程序进程权限执行任意指令。 Business Objects Crystal Reports XI Release 2 目前没有解决方案提供：...

crystal-dos.txt

Application: Crystal Reports XI Release 2 Enterprise Tree Control Remote BoF/Dos www.businessobjects.com Versions: 11 Platforms: Windows XP Professional Bug: buffer-overflow Exploitation: remote Date: 2007-01-16 Author: shinnai e-mail: shinnaiatautisticidotorg web: http://shinnai.altervista.org 1...

Crystal Reports XI Release 2 (Enterprise Tree Control) ActiveX BOF/DoS

No description provided by source. Application: Crystal Reports XI Release 2 Enterprise Tree Control Remote BoF/Dos www.businessobjects.com Versions: 11 Platforms: Windows XP Professional Bug: buffer-overflow Exploitation: remote Date: 2007-01-16 Author: shinnai e-mail: shinnaiatautisticidotorg...