9.3
CVE-2008-0379
- EPSS 8.56%
- Veröffentlicht 22.01.2008 20:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginRace condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Businessobjects ≫ Crystal Reports Xi Versionr2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.56% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
http://www.securityfocus.com/bid/27333
http://www.securitytracker.com/id?1019239
https://exchange.xforce.ibmcloud.com/vulnerabilities/39743
https://www.exploit-db.com/exploits/4931