CVE-2004-0204
published 2004-08-06CVE-2004-0204: Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio…
PriorityP354high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
72.99%
99.4th percentile
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
| businessobjects | crystal_enterprise | — | — |
| businessobjects | crystal_enterprise | — | — |
| businessobjects | crystal_enterprise_java_sdk | — | — |
| businessobjects | crystal_enterprise_ras | — | — |
| businessobjects | crystal_reports | — | — |
| businessobjects | crystal_reports | — | — |
| microsoft | business_solutions_crm | — | — |
| microsoft | outlook | — | — |
| microsoft | visual_studio_net | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests targeting 'crystalimagehandler.aspx' with a 'dynamicimage' parameter containing directory traversal sequences ('..\' or '../') ↗
- ·The vulnerability exists in the 'dynamicimage' parameter (note: NVD spells it 'dynamicimag' — likely a typo); detection rules should match the actual parameter name 'dynamicimage' as seen in the PoC URL ↗
- ·Affected deployments span multiple products that redistribute Crystal Reports (Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2); detection should be applied broadly across any IIS host serving crystalimagehandler.aspx ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108360413811017&w=2http://marc.info/?l=bugtraq&m=108671836127360&w=2http://secunia.com/advisories/11800http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asphttp://www.osvdb.org/6748http://www.securityfocus.com/bid/10260https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017https://exchange.xforce.ibmcloud.com/vulnerabilities/16044https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157http://marc.info/?l=bugtraq&m=108360413811017&w=2http://marc.info/?l=bugtraq&m=108671836127360&w=2http://secunia.com/advisories/11800http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asphttp://www.osvdb.org/6748http://www.securityfocus.com/bid/10260https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017https://exchange.xforce.ibmcloud.com/vulnerabilities/16044https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
2004-08-06
Published