Microsoft has issued security patches for Visual Studio versions that run Crystal Reports as part of its monthly Patch Tuesday release.
The issue has been rated "important," according to Microsoft Security Bulletin MS07-052, which states:
This important security update resolves a publicly disclosed vulnerability. This vulnerability could allow remote code execution if a user opens a specially crafted RPT file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The following downloads are available for Visual Studio users:
- Visual Studio 2005 Service Pack 1 Crystal Reports Security Update
- Visual Studio 2005 Crystal Reports Security Update
- Visual Studio .NET 2003 Service Pack 1 Crystal Reports Security Update
- Visual Studio .NET 2003 Crystal Reports Security Update
- Visual Studio .NET 2002 Service Pack 1 Crystal Reports Security Update
A Knowledge Base article, with details about the download and the security issue, accompanies each of the five downloads.
In addition, sister site SearchSecurity.com has a column from Christopher Budd, security program manager for the Microsoft Security Response Center (MSRC), offering insight into this patch. Read Inside MSRC: Visual Studio update affects multiple systems for more information.