SAP Knowledge Base Article - Preview

1688689 - Enterprise 3.1 installs versions of MS09.DLL and VBE6.DLL which expose known security vulnerabilities


  • When installing BusinessObjects Enterprise 3.1 to a Windows system where MS09.DLL and VBE6.DLL are not already present, the installer uses versions of these DLLs which are associated with known security vulnerabilities.
  • Microsoft provides patches for these vulnerabilities, but they are built to be installed on top of a full install of Microsoft Office.  Because Enterprise does not install a full version of Microsoft Office, these patches are not effective here.



  • SAP BusinessObjects Enterprise XI 3.1

Further information and details below:

Known security vulnerabilities referenced at the below links:

Known security vulnerabilities referenced at the below links:

The specific vulnerabilities and information regarding them are as follows:
CVE-2006-3649 :
CVE-2006-3434 :
CVE-2006-3650 :
CVE-2006-3864 :
CVE-2006-3868 :


SAP BusinessObjects Business Intelligence platform R2


xi3 xi3.1 ADAPT 01616657 1616657 ADAPT01616658 , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , BI-BIP-ADM , BI Servers, security, Crystal Reports in Launchpad , Bug Filed

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.