Symptom
- When installing BusinessObjects Enterprise 3.1 to a Windows system where MS09.DLL and VBE6.DLL are not already present, the installer uses versions of these DLLs which are associated with known security vulnerabilities.
- Microsoft provides patches for these vulnerabilities, but they are built to be installed on top of a full install of Microsoft Office. Because Enterprise does not install a full version of Microsoft Office, these patches are not effective here.
Read more...
Environment
- SAP BusinessObjects Enterprise XI 3.1
Further information and details below:
MSO9.DLL
version 9.0.0.3821
Known security vulnerabilities referenced at the below links:
http://support.microsoft.com/kb/950183
http://technet.microsoft.com/en-us/security/bulletin/ms07-025
http://technet.microsoft.com/en-us/security/bulletin/ms07-015
http://technet.microsoft.com/en-us/security/bulletin/ms06-048
VBE6.DLL
version 6.0.86.67
Known security vulnerabilities referenced at the below links:
http://technet.microsoft.com/en-us/security/bulletin/MS10-031
http://support.microsoft.com/kb/978213
The specific vulnerabilities and information regarding them are as follows:
CVE-2006-3649 : http://technet.microsoft.com/en-us/security/bulletin/ms06-047
CVE-2006-3434 : http://technet.microsoft.com/en-us/security/bulletin/ms06-062
CVE-2006-3650 : http://technet.microsoft.com/en-us/security/bulletin/ms06-062
CVE-2006-3864 : http://technet.microsoft.com/en-us/security/bulletin/ms06-062
CVE-2006-3868 : http://technet.microsoft.com/en-us/security/bulletin/ms06-062
Product
Keywords
xi3 xi3.1 ADAPT 01616657 1616657 ADAPT01616658 , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , BI-BIP-ADM , BI Servers, security, Crystal Reports in Launchpad , Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.