MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

Severity: Medium. Nessus Plugin ID: 55797

Synopsis

The remote Windows host contains a web control that could allow information disclosure.

Description

The installed version of the Microsoft Report Viewer control fails to properly validate parameters within a data source, which results in a reflected (or non-persistent) cross-site scripting vulnerability.

If an attacker can trick a user into clicking on a link to a malicious server, the attacker could inject a client-side script into the user's browser, which in turn could be used to spoof content or disclose sensitive information.

Solution

Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-067

Plugin Details

Severity: Medium

ID: 55797

File Name: smb_nt_ms11-067.nasl

Version: 1.19

Type: local

Agent: windows

Published: 8/9/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:report_viewer, cpe:/a:microsoft:visual_studio

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/9/2011

Vulnerability Publication Date: 8/9/2011

Reference Information

CVE: CVE-2011-1976

BID: 49033

MSFT: MS11-067

MSKB: 2548826, 2579115