Vulnerability Report

CVE-2004-0204

Title: Business Objects Crystal Reports directory traversal

Directory Traversal, Arbitrary File Read, Arbitrary File Delete

Proof Of Concept

PoC Available for CVE-2004-0204

CWE Category NVD-CWE-noinfo
Published Date Aug 06, 2004
Modified Date Apr 03, 2025
Exploit Status Available
Score 7.5 CVSS v2.0
Exploit Probability (EPSS)
75.37%

Vulnerability Summary

CVE-2004-0204: Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Impacted Vendors

M
microsoft 3
B
bea 1
B
businessobjects 4
B
borland_software 1

Reference Links

http://marc.info/?l=bugtraq&m=108360413811017&w=2 http://marc.info/?l=bugtraq&m=108671836127360&w=2 http://secunia.com/advisories/11800 http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp http://www.osvdb.org/6748 http://www.securityfocus.com/bid/10260 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/16044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157 http://marc.info/?l=bugtraq&m=108360413811017&w=2 http://marc.info/?l=bugtraq&m=108671836127360&w=2 http://secunia.com/advisories/11800 http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp http://www.osvdb.org/6748 http://www.securityfocus.com/bid/10260 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017 https://exchange.xforce.ibmcloud.com/vulnerabilities/16044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2004-0204 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/24077
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.