This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a buffer-overflow vulnerability in the Crystal Reports 'EnterpriseControls.dll' ActiveX control.
Crystal Reports is a commercially available data-reporting application. The 'EnterpriseControls.dll' ActiveX control allows a browser to display reports created by Crystal Reports.
The Crystal Reports 'EnterpriseControls.dll' ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
This issue affects the 'SelectedSession()' method in the 'EnterpriseControls.dll' library. The affected control is identified by CLSID: 3D58C9F3-7CA5-4C44-9D62-C5B63E059050. This issue is caused by a race condition during the initialization of the control, allowing attackers to corrupt the EIP register and trigger crashes.
A successful exploit will allow an attacker to crash applications using the affected ActiveX control (typically Internet Explorer).
- Business Objects Crystal Reports XI Release 2
Download and install all patches related to this vulnerability.
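As an added illustration (not the vendor's signature logic), the following sketch shows how a defender could triage captured HTML for pages that load the control by the CLSID above and reference 'SelectedSession'. The names `ControlFinder` and `classify` and the sample pages are constructed for this example, and it covers only controls loaded through an `<object>` tag.

```python
import re
from html.parser import HTMLParser

# CLSID and method name are taken from the advisory text above.
CLSID = "3D58C9F3-7CA5-4C44-9D62-C5B63E059050"
METHOD = "SelectedSession"

# Constructed sample pages (no payload), for illustration only.
SAMPLE_HIT = ('<object classid="clsid:3D58C9F3-7CA5-4C44-9D62-C5B63E059050" id="ctl">'
              '</object><script>var s = ctl.SelectedSession;</script>')
SAMPLE_LOAD = '<object classid="CLSID:{3d58c9f3-7ca5-4c44-9d62-c5b63e059050}" id="rpt"></object>'
SAMPLE_CLEAN = "<script>var SelectedSession = 1;</script>"

class ControlFinder(HTMLParser):
    """Collects ids of <object> tags that load the control, plus script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            # classid is "clsid:<GUID>"; case and optional braces vary between pages
            classid = a.get("classid", "").lower().replace("{", "").replace("}", "")
            if classid.strip() == "clsid:" + CLSID.lower():
                self.object_ids.append(a.get("id") or a.get("name") or "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def classify(html):
    """Return 'none', 'control-loaded' or 'method-referenced' for one page."""
    f = ControlFinder()
    f.feed(html)
    f.close()
    if not f.object_ids:
        return "none"
    script = "\n".join(f.scripts)
    for oid in filter(None, f.object_ids):
        # The method only matters when referenced on the control's own id
        if re.search(rf"\b{re.escape(oid)}\s*\.\s*{METHOD}\b", script, re.I):
            return "method-referenced"
    return "control-loaded"
```

A 'control-loaded' result on a page from an untrusted origin is worth reviewing on its own, since the control is intended for displaying Crystal Reports output.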