[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Privilege escalation vulnerability in SQL Server - MS12-070

ID: oval:org.secpod.oval:def:7325Date: (C)2012-10-12   (M)2023-02-27
Class: PATCHFamily: windows




The host is missing an Important security update according to Microsoft security bulletin, MS12-070. The update is required to fix privilege escalation vulnerability in SQL Server. A flaw is present in SQL Server running SQL Server Reporting Services, which fails to handle SQL Server Report Manager input parameters. Successful exploitation could allow an attacker to execute arbitrary commands on the SSRS site in the context of the targeted user.

Platform:
Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product:
Microsoft SQL Server 2000 Reporting Services
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012
Reference:
MS12-070
CVE-2012-2552
CVE    1
CVE-2012-2552
CPE    23
cpe:/a:microsoft:sql_server:2008:r2_sp1:itanium
cpe:/a:microsoft:sql_server:2005
cpe:/a:microsoft:sql_server:2008:sp2
cpe:/a:microsoft:sql_server:2008
...
XCCDF    9
xccdf_com.secpod_benchmark_microsoft-windows-2000
xccdf_com.secpod_benchmark_microsoft-windows-server-2008
xccdf_scaprepo.com_benchmark_microsoft-windows-server-2008-r2
xccdf_com.secpod_benchmark_microsoft-windows-server-2003
...

© SecPod Technologies