MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

medium Nessus Plugin ID 62465


A cross-site scripting vulnerability in SQL Server could allow elevation of privilege.


The remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services (SSRS), which is affected by a cross-site scripting (XSS) vulnerability that could allow elevation of privilege. Successful exploitation could allow an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user. To exploit the vulnerability, an attacker would need to entice a user to visit a specially crafted link.


Microsoft has released a set of patches for SQL Server 2000, 2005, 2008, 2008 R2, and 2012.

Plugin Details

Severity: Medium

ID: 62465

File Name: smb_nt_ms12-070.nasl

Version: 1.19

Type: local

Agent: windows

Published: 10/10/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information


Risk Factor: Low

Score: 1.6


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 10/9/2012

Vulnerability Publication Date: 10/9/2012

Reference Information

CVE: CVE-2012-2552

BID: 55783