MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) (uncredentialed check)
Medium Nessus Plugin ID 62468
SynopsisA cross-site scripting vulnerability in SQL Server could allow elevation of privilege.
DescriptionThe remote host has a version of Microsoft SQL Server installed. This version of SQL Server is running SQL Server Reporting Services (SRSS), which is affected by a cross-site scripting (XSS) vulnerability that could allow elevation of privileges. Successful exploitation could allow an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user. An attacker would need to entice a user to visit a specially crafted link in order to exploit the vulnerability.
SolutionMicrosoft has released a set of patches for SQL Server 2000, 2005, 2008, 2008 R2, and 2012.