|
|
CVE Reference: CVE-2004-0204 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-0204 |
|
|
Description: Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/16044 SAID Secunia Advisory: SA11800 OVAL http://oval.mitre.org/oval/definitions/data/oval1157.html OSVDB 6748 MS http://www.microsoft.com/technet/security/bulletin/ms04-017.asp CONFIRM http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=108671836127360&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=108360413811017&w=2 BID 10260 |
|
| Return to the previous page. |
