CVE-2004-0204

Sažetak

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Reference

http://marc.info/?l=bugtraq&m=108360413811017&w=2
http://marc.info/?l=bugtraq&m=108671836127360&w=2
http://secunia.com/advisories/11800
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
http://www.osvdb.org/6748
http://www.securityfocus.com/bid/10260
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-10-2018 - 21:34

Objavljeno

06-08-2004 - 04:00