Tuesday 08 June 2004

MS Security Bulletins - 08 June 2004

Two MS Security Bulletins issued today.

Microsoft Security Bulletin MS04-016

Vulnerability in DirectPlay Could Allow Denial of Service

This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation.

References:

Microsoft Security Bulletin MS04-017

Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service

This update resolves a newly-discovered vulnerability in Crystal Reports and Crystal Enterprise from Business Objects. Microsoft Visual Studio .NET 2003 (all versions) and Outlook 2003 with Business Contact Manager redistribute Crystal Reports and are therefore affected by the vulnerability. Microsoft Business Solutions CRM 1.2 redistributes Crystal Enterprise, which is affected in the same way.

An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system. The number of files of files that are impacted by this vulnerability would depend on the security context of the affected component that is used by the Crystal Web viewer.

Systems can only be vulnerable if they have Internet Information Services (IIS) installed.

References:

Related News

Related Tools

Related Entries