Signature Detail
Short Name |
HTTP:XSS:MS-REPORT-VIEWER |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Report Viewer Control Cross Site Scripting |
Release Date |
2011/08/08 |
Update Number |
1969 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Report Viewer Control Cross Site Scripting
This signature detects attempts to exploit a known flaw in Microsoft Report Viewer. An information disclosure vulnerability exists in the Microsoft Report Viewer control due to the improper validation of parameters within a data source. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser, resulting in arbitrary code execution with the privileges of the user's browser session.
Extended Description
Microsoft Visual Studio is prone to multiple cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to spoof content or disclose sensitive information.
Affected Products
- Microsoft Report Viewer 2005 SP1
- Microsoft Visual Studio 2005 SP1
- Microsoft Visual Studio 2005 Professional Edition
- Microsoft Visual Studio 2005 Standard Edition
- Microsoft Visual Studio 2005 Team Edition
References
- BugTraq: 49033
- CVE: CVE-2011-1976