Race Condition in Crystal Reports XI Release 2 Affecting Enterprise Tree ActiveX Control
CVE-2008-0379

Currently unrated

Key Information:

Vendor: Microsoft
Status: Activex; Crystal Reports Xi
Vendor: CVE Published:; 22 January 2008

What is CVE-2008-0379?

A race condition vulnerability exists in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) within Crystal Reports XI Release 2. This flaw allows remote attackers to trigger a denial of service by exploiting the SelectedSession method, leading to a system crash. In addition, the vulnerability could potentially enable the execution of arbitrary code through a buffer overflow, posing a significant risk to the integrity and availability of systems utilizing this software.

References

https://www.exploit-db.com/exploits/4931

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/27333

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1019239

vdb-entryx_refsource_SECTRACK

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 22, 2008
Vulnerability Reserved
Jan 22, 2008

Microsoft

What is CVE-2008-0379?

References

EPSS Score

Timeline