{"api_version":"1","generated_at":"2026-04-22T21:37:56+00:00","cve":"CVE-2006-6133","urls":{"html":"https://cve.report/CVE-2006-6133","api":"https://cve.report/api/cve/CVE-2006-6133.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-6133","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-6133"},"summary":{"title":"CVE-2006-6133","description":"Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-11-28 01:07:00","updated_at":"2018-10-17 21:46:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30532","name":"crystalreports-rpt-bo(30532)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23091","name":"23091","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Crystal Reports RPT Processing Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-254A.html","name":"TA07-254A","refsource":"CERT","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA07-254A -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055","name":"oval:org.mitre.oval:def:2055","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/4691","name":"ADV-2006-4691","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.lssec.com/advisories/LS-20061102.pdf","name":"http://www.lssec.com/advisories/LS-20061102.pdf","refsource":"MISC","tags":[],"title":"","mime":"application/pdf","httpstatus":"-1","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052","name":"MS07-052","refsource":"MS","tags":[],"title":"Microsoft Security Bulletin MS07-052 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26754","name":"26754","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Visual Studio Crystal Reports RPT Processing Buffer Overflow - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/452464/100/0/threaded","name":"20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017279","name":"1017279","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Crystal Reports Report File Stack Overflow Lets Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21261","name":"21261","refsource":"BID","tags":[],"title":"Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/3114","name":"ADV-2007-3114","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-6133","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-6133","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"crystal_reports_xi","cpe6":"*","cpe7":"*","cpe8":"professional","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"businessobjects","cpe5":"crystal_reports_xi","cpe6":"*","cpe7":"*","cpe8":"professional","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2002","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2003","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2003","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2005","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2005","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2002","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2003","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2003","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2005","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6133","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_studio_.net","cpe6":"2005","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-6133","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1017279","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017279"},{"name":"ADV-2007-3114","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/3114"},{"name":"crystalreports-rpt-bo(30532)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30532"},{"name":"oval:org.mitre.oval:def:2055","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2055"},{"name":"MS07-052","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-052"},{"name":"26754","refsource":"SECUNIA","url":"http://secunia.com/advisories/26754"},{"name":"23091","refsource":"SECUNIA","url":"http://secunia.com/advisories/23091"},{"name":"ADV-2006-4691","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/4691"},{"name":"TA07-254A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA07-254A.html"},{"name":"21261","refsource":"BID","url":"http://www.securityfocus.com/bid/21261"},{"name":"http://www.lssec.com/advisories/LS-20061102.pdf","refsource":"MISC","url":"http://www.lssec.com/advisories/LS-20061102.pdf"},{"name":"20061123 LS-20061102 - Business Objects Crystal Reports Stack Overflow Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/452464/100/0/threaded"}]}},"nvd":{"publishedDate":"2006-11-28 01:07:00","lastModifiedDate":"2018-10-17 21:46:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.6},"severity":"HIGH","exploitabilityScore":4.9,"impactScore":10,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio_.net:2003:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:businessobjects:crystal_reports_xi:*:*:professional:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:visual_studio_.net:2002:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"6133","Ordinal":"21481","Title":"CVE-2006-6133","CVE":"CVE-2006-6133","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"6133","Ordinal":"1","NoteData":"Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"6133","Ordinal":"2","NoteData":"2006-11-27","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"6133","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}