CVE-2012-2552

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2000 Reporting Services SP2, 2005 SP4, 2008 SP2, 2008 SP3, 2008 R2 SP1, and 2012

Description A cross-site scripting (XSS) issue exists in the SQL Server Report Manager, allowing remote attackers to inject arbitrary web script or HTML via an unspecified parameter. This is referred to as a "Reflected XSS Vulnerability."

Recommendations For Microsoft SQL Server 2000 Reporting Services SP2, update to a version that includes the fix for this issue. For Microsoft SQL Server 2005 SP4, update to a version that includes the fix for this issue. For Microsoft SQL Server 2008 SP2 and SP3, update to a version that includes the fix for this issue. For Microsoft SQL Server 2008 R2 SP1, update to a version that includes the fix for this issue. For Microsoft SQL Server 2012, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SQL Server Report Manager to minimize the risk of exploitation.