Microsoft KB Archive/941522

= MS07-052: Vulnerability in Crystal Reports for Visual Studio could allow remote code execution =

Article ID: 941522

Article Last Modified on 11/6/2007

-

APPLIES TO

 Microsoft Visual Studio 2005 Team Suite Microsoft Visual Studio 2005 Team Edition for Software Architects Microsoft Visual Studio 2005 Team Edition for Software Developers Microsoft Visual Studio 2005 Team Edition for Software Testers Microsoft Visual Studio 2005 Professional Edition Microsoft Visual Studio 2005 Service Pack 1, when used with:  Microsoft Visual Studio 2005 Team Suite

 Microsoft Visual Studio 2005 Team Edition for Software Architects</li></ul>

 Microsoft Visual Studio 2005 Team Edition for Software Developers</li></ul>

 Microsoft Visual Studio 2005 Team Edition for Software Testers</li></ul>

 Microsoft Visual Studio 2005 Professional Edition</li></ul> </li> Microsoft Visual Studio .NET 2003 Service Pack 1, when used with:  Microsoft Visual Studio .NET 2003 Professional Edition</li></ul>

 Microsoft Visual Studio .NET 2003 Enterprise Architect</li></ul>

 Microsoft Visual Studio .NET 2003 Enterprise Developer</li></ul> </li> Microsoft Visual Studio .NET 2003 Professional Edition</li> <li>Microsoft Visual Studio .NET 2003 Enterprise Architect</li> <li>Microsoft Visual Studio .NET 2003 Enterprise Developer</li> <li>Microsoft Visual Studio .NET 2002 Professional Edition</li> <li>Microsoft Visual Studio .NET 2002 Enterprise Architect</li> <li>Microsoft Visual Studio .NET 2002 Enterprise Developer</li></ul>

-

<div class="summary_section">

INTRODUCTION
Microsoft has released security bulletin MS07-052. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul> <li>Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/200709.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx

</li></ul>

<div class="moreinformation_section">

Prerequisites
To install this security update, you must have Microsoft Windows Installer 3.1 installed on your computer. To obtain the latest version of Windows Installer for your computer, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=889482fc-5f56-4a38-b838-de776fd4138c

Known issues
<ul> <li>When you try to install an update for Microsoft Visual Studio 2005, for Microsoft Visual Studio .NET 2003, or for Microsoft Visual Studio .NET 2002, you may receive an error message that resembles the following:

The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package .msi in the box below.

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

944298 Error message when you try to install an update for Visual Studio 2005, for Visual Studio .NET 2003, or for Visual Studio .NET 2002: &quot;The feature you are trying to use is on a network resource that is unavailable&quot;

</li> <li>When you try to install an update for Visual Studio .NET 2002, you may receive an error message that resembles the following:

The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package .msi in the box below.

For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

939401 Error message when you try to install an update for Microsoft Visual Studio .NET 2002: &quot;The feature you are trying to use is on a network resource that is unavailable&quot;

</li> <li>Consider the following scenario. You have a computer that is running the Microsoft .NET Framework 1.0, the .NET Framework 1.1, Visual Studio .NET 2002, or Visual Studio .NET 2003. You install multiple updates for the .NET Framework or for Visual Studio .NET. You remove an update. In this scenario, the file version of the .NET Framework or of Visual Studio .NET is rolled back to the version that was installed by the last service pack. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

938244 The file version is rolled back to the version that was installed by the last service pack when you remove an update for the .NET Framework 1.0, the .NET Framework 1.1, Visual Studio .NET 2002 or Visual Studio .NET 2003

</li> <li>You have one or more of the Microsoft Visual Studio 2005 editions that are listed in the &quot;Applies To&quot; section installed, This edition or these editions have been updated to Microsoft Visual Studio 2005 Service Pack 1 (SP1). However, you have not installed the &quot;Crystal Reports for Visual Studio&quot; feature in Visual Studio 2005. After you install security update 937061 from Microsoft Update, you may be offered the update again even though the computer has already been updated.

Microsoft has revised the detection logic on Microsoft Update to correct this problem.

Note No changes have been made to security update 937061. If you have already installed the security update, you do not have to reinstall it.

For more information about security update 937061, click the following article number to view the article in the Microsoft Knowledge Base:

937061 Description of the security update for the Microsoft Visual Studio 2005 Service Pack 1 development platform

</li> <li>For more information about installation issues with updates for Microsoft Visual Studio .NET 2003, click the following article numbers to view the articles in the Microsoft Knowledge Base:

939043 A shared file is rolled back when you uninstall a previously installed update for one edition or SKU on a computer that has more than one edition or SKU of any version of Visual Studio installed

939400 Any files that are shared by the two editions of Visual Studio .NET 2003 Service Pack 1 or of Visual Studio .NET 2002 Service Pack 1 are deleted when you uninstall the edition of the service pack that you installed first

939407 You cannot install an update for the .NET Framework 1.1, for the .NET Framework 1.0, for Visual Studio .NET 2003, or for Visual Studio .NET 2002 after you upgrade a computer from Windows XP to Windows Vista

942380 Error message when you try to apply a hotfix or an update: &quot;Error 9002. Microsoft Visual Studio .NET 2003 Hotfix (KBxxxxxx) cannot be installed because you have one or more hotfixes installed. Remove them and try again.&quot;

943325 When you try to apply an update that applies to multiple editions of Visual Studio 2005, Windows Installer may apply the update to only one edition of Visual Studio 2005

</li></ul>

<div class="moreinformation_section">

MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

937057 Description of the security update for the Microsoft Visual Studio .NET 2002 Service Pack 1 development platform

937058 Description of the security update for the Microsoft Visual Studio .NET 2003 development platform

937059 Description of the security update for the Microsoft Visual Studio .NET 2003 Service Pack 1 development platform

937060 Description of the security update for the Microsoft Visual Studio 2005 development platform

937061 Description of the security update for the Microsoft Visual Studio 2005 Service Pack 1 development platform

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc kbexpertisebeginner KB941522

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.