Vulnerability Description
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Businessobjects | Crystal Reports Xi | r2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/27333Broken LinkExploitThird Party Advisory
- http://www.securitytracker.com/id?1019239Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39743Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/4931ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/27333Broken LinkExploitThird Party Advisory
- http://www.securitytracker.com/id?1019239Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39743Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/4931ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2008-0379?
CVE-2008-0379 is a vulnerability with a CVSS score of 9.3 (HIGH). Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly exec...
How severe is CVE-2008-0379?
CVE-2008-0379 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0379?
Check the references section above for vendor advisories and patch information. Affected products include: Businessobjects Crystal Reports Xi.