Full title: SQL Server Reporting Services (SSRS) ViewState Deserialization Exploit 
Category: remote exploits
Platform: multiple
A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server.

# 0day.today @ http://0day.today/