<< Back
CVE Number Vulnerability Product Severity Date
MS11-067 Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) Microsoft Visual Critical 10-08-2011

Technical Information

Brief overview of the risk:
An information disclosure vulnerability exists in the way that the Microsoft Report Viewer control improperly validates parameters within a data source.
Detailed Information on the risk:

An attacker who successfully exploited this vulnerability could inject a client-side script in the user’s browser. The script could then be used to spoof content or disclose sensitive information. Note that this vulnerability would not allow an attacker to execute code outside of the browser or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Further information on this exploit is available at : MS11-067

Affected Software

Microsoft Visual Studio 2005 Service Pack 1
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package