MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
Medium Nessus Plugin ID 55797
Synopsis
The remote Windows host contains a web control that could allow information disclosure.
Description
The installed version of the Microsoft Report Viewer control fails to properly validate parameters within a data source, which results in a reflected (or non-persistent) cross-site scripting vulnerability.
If an attacker can trick a user into clicking on a link to a malicious server, he could inject a client-side script in the user's browser that in turn could be used to spoof content or disclose sensitive information.
Solution
Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package.