| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-067 | Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) | Microsoft Visual | Critical | 10-08-2011 |
Technical Information
Brief overview of the risk:
An information disclosure vulnerability exists in the way that the Microsoft Report Viewer control improperly validates parameters within a data source.
Detailed Information on the risk:
An attacker who successfully exploited this vulnerability could inject a client-side script in the user’s browser. The script could then be used to spoof content or disclose sensitive information. Note that this vulnerability would not allow an attacker to execute code outside of the browser or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Further information on this exploit is available at : MS11-067
Affected Software
Microsoft Visual Studio 2005 Service Pack 1Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package