MS04-017: Crystal Reports Web Viewer, Source: Microsoft Technet
Steven
Post #1 Jun 8 2004, 17:59


Microsoft Security Bulletin MS04-017
Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689)

Issued: June 8, 2004
Version: 1.0
Summary

Who should read this document: Customers who use Microsoft® Visual Studio .NET 2003, who use Microsoft Office Outlook 2003 with Business Contact Manager, or who use Microsoft Business Solutions Customer Relationship Management (CRM) 1.2

Impact of Vulnerability: Information Disclosure and Denial of Service

Maximum Severity Rating: Moderate

Recommendation: Customers should consider applying the security update.

Security Update Replacement: None

Caveats:
• Customers who use both Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, and who have Internet Information Services installed should install the update for both products.
• The update for the component in Microsoft Business Solutions CRM 1.2 is available on the Business Objects Web site.

Tested Software and Security Update Download Locations:

Affected Software:
• Visual Studio .NET 2003 – Download the update
• Outlook 2003 with Business Contact Manager – Download the update
• Microsoft Business Solutions CRM 1.2 – Download the update from the Business Objects Web site

Non-Affected Software:
• All other supported versions of Visual Studio, Outlook, and Microsoft Business Solutions CRM.

Note Outlook 2003 with Business Contact Manager is an add-on to Outlook 2003 that is available on a separate CD, together with Microsoft Office Small Business Edition 2003 and Microsoft Office Professional Edition 2003.

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered vulnerability in Crystal Reports and Crystal Enterprise from Business Objects. Microsoft Visual Studio .NET 2003 (all versions) and Outlook 2003 with Business Contact Manager redistribute Crystal Reports and are therefore affected by the vulnerability. Microsoft Business Solutions CRM 1.2 redistributes Crystal Enterprise, which is affected in the same way. The vulnerability is documented in the Vulnerability Details section of this bulletin.

An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system. The number of files that are impacted by this vulnerability would depend on the security context of the affected component that is used by the Crystal Web viewer.

Note Systems can only be vulnerable if they have Internet Information Services (IIS) installed.

Microsoft recommends that customers consider applying the security update.

http://www.microsoft.com/technet/security/...n/MS04-017.mspx