Executive Summary
Summary | |
---|---|
Title | Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230) |
Informations | |||
---|---|---|---|
Name | MS11-067 | First vendor Publication | 2011-08-09 |
Vendor | Microsoft | Last vendor Modification | 2012-03-13 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (March 13, 2012): Added an entry to the update FAQ to announce a detection change for KB2548826 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-067 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12773 | |||
Oval ID: | oval:org.mitre.oval:def:12773 | ||
Title: | Report Viewer Controls XSS Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1976 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Visual Studio 2005 Microsoft Report Viewer 2005 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-11 | Name : Microsoft Report Viewer Information Disclosure Vulnerability (2578230) File : nvt/secpod_ms11-067.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74396 | Microsoft Report Viewer Control Unspecified XSS Microsoft Report Viewer contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed to the Microsoft Report Viewer control before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-08-11 | IAVM : 2011-B-0099 - Microsoft Report Viewer Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0029780 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Report Viewer reflect XSS attempt RuleID : 19681 - Revision : 5 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-08-09 | Name : The remote Windows host contains a web control that could allow information d... File : smb_nt_ms11-067.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:47:05 |
|
2014-01-19 21:30:43 |
|
2013-11-11 12:41:24 |
|