GEN:SID 1:2581
Message WEB-MISC Crystal Reports crystalimagehandler.aspx access
Summary This event is generated when an attempt is made to exploit a directory
traversal associated with the Crystal Reports web viewer.
Impact A successful attack may allow unauthorized files to be viewed or
possibly deleted.
Detailed Information A vulnerability exists in the Crystal Reports web viewer that may permit
an attacker to view or delete unauthorized files.  The is due to a
failure to ensure that that a requested Crystal Report file location
is in the web root directory, permitting unauthorized files to be
viewed.

In addition, Crystal Reports assumes that the requested report
file for viewing is a temporary file and deletes it after the
web version has been viewed.  This problem combined with the
directory traversal vulnerability may allow sensitive or valuable
files to be deleted.
Affected Systems Crystal Reports 8.5 JAVA SDK
Crystal Reports RAS 8.5 for UNIX
Crystal Reports 9.0
Crystal Enterprise 9.0
Crystal Reports 10
Crystal Reports 10.0
Attack Scenarios An attacker can request to view a file not in the web root
directory, permitting unauthorized information disclosure.
The viewed file will be deleted subsequently possibly causing
harm to the server.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References cve: 2004-0204
url: www.microsoft.com/security/bulletins/200406_crystal.mspx