Microsoft Report Viewer Controls XSS Vulnerability

Last Update Date: 10 Aug 2011 12:26 Release Date: 10 Aug 2011 5473 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Application Platforms

TYPE: Application Platforms

An information disclosure vulnerability exists in the way that the Microsoft Report Viewer control improperly validates parameters within a data source. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser. The script could then be used to spoof content or disclose sensitive information. Note that this vulnerability would not allow an attacker to execute code outside of the browser or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Impact

  • Cross-Site Scripting

System / Technologies affected

  • Microsoft Visual Studio 2005
  • Microsoft Report Viewer 2005

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Chart Control Information Disclosure Vulnerability

10 Aug 2011 5197 Views

Next

Adobe Flash Player Multiple Vulnerabilities

10 Aug 2011 5728 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY