Описание
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
Ссылки
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:businessobjects:crystal_reports_xi:r2:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13447
Средний
9.3 Critical
CVSS2
Дефекты
CWE-120
Связанные уязвимости
github
почти 4 года назад
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
EPSS
Процентиль: 94%
0.13447
Средний
9.3 Critical
CVSS2
Дефекты
CWE-120