MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

Medium Nessus Plugin ID 55797


The remote Windows host contains a web control that could allow information disclosure.


The installed version of the Microsoft Report Viewer control fails to properly validate parameters within a data source, which results in a reflected (or non-persistent) cross-site scripting vulnerability.

If an attacker can trick a user into clicking on a link to a malicious server, the attacker could inject client-side script into the user's browser, which in turn could be used to spoof content or disclose sensitive information.


Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package.

Plugin Details

Severity: Medium

ID: 55797

File Name: smb_nt_ms11-067.nasl

Version: $Revision: 1.17 $

Type: local

Agent: windows

Published: 2011/08/09

Modified: 2017/07/26

Dependencies: 57033, 13855

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:microsoft:report_viewer, cpe:/a:microsoft:visual_studio

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/08/09

Vulnerability Publication Date: 2011/08/09

Reference Information

CVE: CVE-2011-1976

BID: 49033

OSVDB: 74396

MSFT: MS11-067

MSKB: 2548826, 2579115