[原文]Unspecified vulnerability in Report Application Server (Crystalras.exe) before 220.127.116.110, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.
Business Objects Enterprise/Crystal Reports Crafted Request crystalras.exe DoS
Remote / Network Access
Denial of Service
Loss of Availability
Business Objects Enterprise XI/Crystal Reports XI contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted request is submitted causing a crash in the crystalras.exe module, and will result in loss of availability for the reporting service.
Currently, there are no known workarounds or upgrades to correct this issue. However, Business Objects has released a patch to address this vulnerability.