(MS12-070) Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

Publish date: October 24, 2012

Severity: HIGH

CVE Identifier: CVE-2012-2552

Advisory Date: OCT 24, 2012

DESCRIPTION

This patch addresses a vulnerability existing in Microsoft SQL Server on systems with SQL Server Reporting Services (SSRS). It is a cross-site scripting vulnerability that could allow attackers to execute arbitrary commands on the SSRS site. A remote attacker can exploit this vulnerability by sending a specially crafted link to the users. Moreover, attackers can host a web page that can exploit this vulnerability.

SOLUTION

PATCH: http://technet.microsoft.com/en-us/security/bulletin/ms12-070

AFFECTED SOFTWARE AND VERSION

Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft SQL Server 2012 for x64-based Systems
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1
Microsoft SQL Server 2012 for 32-bit Systems

Featured Stories

$Open Ran Attack of xApps$
Open RAN: Attack of the xApps
This article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handling
Read more
$A Closer Exploration of Residential Proxies and CAPTCHA-Breaking Services$
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking Services
This article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.
Read more
$How Residential Proxies and CAPTCHA-Solving Services Become Agents of Abuse$
How Residential Proxies and CAPTCHA-Solving Services Become Agents of Abuse
This article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.
Read more
$Cloud-native apps$
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native Applications
We provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.
Read more

(MS12-070) Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

DESCRIPTION

SOLUTION

AFFECTED SOFTWARE AND VERSION

Featured Stories

Resources

Support

About Trend

Country Headquarters

(MS12-070) Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)

DESCRIPTION

SOLUTION

AFFECTED SOFTWARE AND VERSION

Featured Stories

Resources

Support

About Trend

Country Headquarters

The Americas

Middle East & Africa

Europe

Asia & Pacific