cbcvebase.
CVE-2006-6133
published 2006-11-28

CVE-2006-6133: Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1…

PriorityP351high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
52.02%
98.8th percentile
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftvisual_studio_net
microsoftvisual_studio_net
microsoftvisual_studio_net

Detection & IOCsextracted from sources · hover to see the quote

urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29171.rpt
filename29171.rpt
  • Trigger vector is a user-assisted file open of a crafted RPT file; monitor for suspicious .rpt file opens in Crystal Reports / Visual Studio environments, especially from untrusted or remote sources.
  • Exploitation results in a stack-based buffer overflow; look for abnormal stack pivot or shellcode execution originating from Crystal Reports processes (e.g., crw32.exe, crystalreportviewers) after opening an RPT document.
  • Failed exploit attempts manifest as application crashes (denial-of-service); alert on unexpected termination of Crystal Reports processes after RPT file parsing.
  • ·Exploitation requires user interaction — the victim must be enticed into opening the malicious RPT file; purely network-based or zero-click exploitation is not indicated.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.