Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849) Network Vulnerability

Summary

This host has important security update missing according to Microsoft Bulletin MS12-070.

Impact

Successful exploitation could allow remote attackers to gain sensitive information or execute arbitrary code in the context of the current user. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-070

Insight

An error exists in the SQL Server Reporting Services (SSRS), which can be exploited to insert client-side script code.

Affected

Microsoft SQL Server 2012 Microsoft SQL Server 2005 Service Pack 4 and prior Microsoft SQL Server 2008 Service Pack 2 and prior Microsoft SQL Server 2008 Service Pack 3 and prior Microsoft SQL Server 2000 Reporting Services Service Pack 2

References

http://secunia.com/advisories/50901
http://support.microsoft.com/kb/2754849
http://technet.microsoft.com/en-us/security/bulletin/ms12-070
http://www.securitytracker.com/id/1027623

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2552

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Microsoft Windows Digital Signatures Denial of Service Vulnerability (2868626)
Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
Microsoft Office Web Apps HTML Sanitisation Component XSS Vulnerability (2821818)
Microsoft Group Policy Preferences Privilege Elevation Vulnerability (2962486)

Take action and discover your vulnerabilities