echo: nthelp
to: All
from: Geo.
date: 2004-06-09 05:49:30
subject: Crystal Reports

From: "Geo." 

I use CR all the time to do reports for the ISP. Well, I forget what version
it was, but all of a sudden they stuck this web front end on CR, and when I
saw that I just shook my head, thinking "why compromise the machine with that
nightmare?", and immediately went to the special install to make sure that part
didn't install on my machine (if I'm remembering right, it installs by
default).

Well the results are in...

ID: 6749
TITLE: Microsoft Crystal Reports Web Viewer Arbitrary File Access
DISCLOSURE DATE: June 8, 2004
DESCRIPTION: Microsoft Crystal Reports Web Viewer contains a flaw that
allows a remote attacker to view or delete files outside of the web path.
The issue is due to the program not properly sanitizing user input,
specifically traversal style attacks (../../).  Systems are only vulnerable
if they have an IIS server installed.
URL: http://www.osvdb.org/6749

ID: 6747
TITLE: Crystal Reports/Enterprise Disk Space Exhaustion DoS
DISCLOSURE DATE: June 8, 2004
DESCRIPTION: Crystal Reports and Crystal Enterprise contain a flaw that may
allow a remote denial of service.  The issue is triggered when a remote
user repeatedly accesses the crystalimagehandler.aspx script and requests
image creation, and will result in loss of availability for the server by
exhausting disk space and slowing connections.
URL: http://www.osvdb.org/6747

ID: 6748
TITLE: Crystal Reports/Enterprise Arbitrary File Manipulation
DISCLOSURE DATE: June 8, 2004
DESCRIPTION: Crystal Reports and Crystal Enterprise contain a flaw that
allows a remote attacker to access or delete files outside of the web path.
The issue is due to the crystalimagehandler.aspx script not properly
sanitizing user input, specifically traversal style attacks (../../)
supplied via the "dynamicimage" variable.
URL: http://www.osvdb.org/6748

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
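The traversal the OSVDB entries describe (a "dynamicimage" value of ../../ walking out of the web path), shown as an added example that is not part of the original post and is not Crystal's own handler code. The handler on the page is ASP.NET; this is a Python model of the same check so it runs stand-alone. The web root and the "dynamic" image directory are assumed names, and the sample parameter values are constructed for illustration, not taken from an exploit. The vulnerable function joins the parameter straight onto the image directory; the hardened one decodes the value until it stops changing (so double-encoding does not bypass the check), normalises separators, and then tests containment on the resolved path rather than looking for "../" in the raw string.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed layout for the example: the real viewer's directory names are
# not given on the page, so both of these paths are assumptions.
WEB_ROOT = "/inetpub/wwwroot/crystalreportviewers"
IMAGE_DIR = posixpath.join(WEB_ROOT, "dynamic")


def vulnerable_resolve(dynamicimage: str) -> str:
    """The bug class OSVDB 6748 describes: the request parameter is joined
    straight onto the image directory, so '../../' walks out of the web path
    and the handler reads (or deletes) whatever the path lands on."""
    return posixpath.normpath(posixpath.join(IMAGE_DIR, dynamicimage))


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so a
    double-encoded '%252e%252e' cannot slip past a single-decode check."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def safe_resolve(dynamicimage: str) -> Optional[str]:
    """Return the on-disk path for a generated image, or None if the request
    would leave IMAGE_DIR. All checks run on the decoded, normalised path,
    not on the raw parameter, so encoding and separator tricks do not help."""
    candidate = fully_decode(dynamicimage)
    if "\x00" in candidate:                    # C-string truncation trick
        return None
    candidate = candidate.replace("\\", "/")   # IIS accepts both separators
    if candidate.startswith("/"):              # no absolute paths
        return None
    target = posixpath.normpath(posixpath.join(IMAGE_DIR, candidate))
    # Containment: the resolved path must sit strictly below IMAGE_DIR.
    # The trailing "/" matters: without it "../dynamic_evil/x.png" would pass
    # a plain prefix test. On a real filesystem also run os.path.realpath()
    # on both sides so a symlink inside IMAGE_DIR cannot point back out.
    if not target.startswith(IMAGE_DIR + "/"):
        return None
    return target


if __name__ == "__main__":
    # Constructed request values, not taken from the advisories.
    for value in ("report.png", "../../web.config",
                  "%252e%252e%252f%252e%252e%252fweb.config", "..\\..\\web.config"):
        print(f"{value!r:45} naive={vulnerable_resolve(value)}  safe={safe_resolve(value)}")
```

The naive join resolves "../../web.config" to /inetpub/wwwroot/web.config, two levels above the image directory, which is exactly the "files outside of the web path" condition in the advisory; the hardened function returns None for that input and for its URL-encoded, double-encoded and backslash variants, while a plain "report.png" still resolves under IMAGE_DIR. Note that the same containment check has to guard the delete path as well as the read path, since the entries say both are reachable through the one parameter.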
