CVE-2008-0379

Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.

Published: Jan 22, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0379
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119
CWE-120
CWE-362

Affected Software
References

Software	From	Fixed in
businessobjects / crystal_reports_xi	r2	r2.x

http://www.securityfocus.com/bid/27333
http://www.securitytracker.com/id?1019239
https://exchange.xforce.ibmcloud.com/vulnerabilities/39743
https://www.exploit-db.com/exploits/4931

Vulnerability Database

289,697

CVE-2008-0379