Although there are no known exploits of any applications at this time, the vulnerability may allow arbitrary file access and possible disk space exhaustion.

Business Objects takes security issues seriously and released a patch on June 8th 2004 to fix the problem. This security vulnerability effects both Crystal Reports for Borland C#Builder and Crystal Reports for Borland JBuilder and requires a patch.

You can get information and download this patch here

To mitigate the risk of exposure for your customers and to ensure that you are following best practices, please review the document, Guide to Securing Web-Based Crystal Reports Applications, available on our support site.

In addition, if you have any questions, please do not hesitate to contact your Business Objects regional customer support center or refer to the following link for contact information.