Detections
Analytics
MS07-052: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
high Nessus Plugin ID 26022
Synopsis
Arbitrary code can be executed on the remote host through Visual Studio.Description
The remote host is running a version of Microsoft Visual Studio that may allow arbitrary code to be run.An attacker may use this to execute arbitrary code on this host.
To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the RPT parsing handler would result in code execution.
Solution
Microsoft has released a set of patches for Visual Studio 2002, 2003 and 2005.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-052
Plugin Details
Severity: High
ID: 26022
File Name: smb_nt_ms07-052.nasl
Version: 1.33
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 9/12/2007
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:visual_studio, cpe:/a:microsoft:visual_studio_.net
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/11/2007
Vulnerability Publication Date: 11/2/2006
Reference Information
CVE: CVE-2006-6133
BID: 21261