=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2007/VULN363
_____________________________________________________________________

DATE                      : 12/09/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Visual Studio.

======================================================================
http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx
______________________________________________________________________

MS07-052 - Vulnerability in Crystal Reports for Visual Studio Could
Allow Remote Code Execution (941522)

Affected Software:
    -Visual Studio .NET 2002 Service Pack 1
    -Visual Studio .NET 2003
    -Visual Studio .NET 2003 Service Pack 1
    -Visual Studio 2005
    -Visual Studio 2005 Service Pack 1

Non-Affected Software:
    -Microsoft Office Outlook 2003 with Business Contact Manager
    -Microsoft Office Outlook 2007 with Business Contact Manager

Full MS07-052 advisory:
    http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx


Vulnerability Details:
	
Crystal Reports RPT Processing Vulnerability  CVE-2006-6133

    A remote code execution vulnerability exists in the way Crystal Reports
    for Visual Studio handles malformed RPT files. An attacker could 
exploit the
    vulnerability by sending an affected user a malformed RPT file as an 
e-mail
    attachment, or hosting the file on a malicious or compromised Web site.

    An attacker who successfully exploited this vulnerability could gain the
    same user rights as the local user. Users whose accounts are configured
    to have fewer user rights on the system could be less impacted than 
users
    who operate with administrative user rights.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================