Microsoft Office Snapshot Viewer ActiveX Control Vulnerability
The Microsoft Office Snapshot Viewer ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations on the victim's system.
An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
By convincing a victim to view an HTML document (web page, HTML email, or email attachment), an attacker could download arbitrary files to a vulnerable system within the security context of the user running IE. These files could contain code that could be executed through other means. The user may click the file inadvertently, or the file may be placed in a sensitive location, such as the Windows Startup folder where it will automatically execute the next time the user logs onto the system.
The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.
Currently there is no practical solution to this problem. Microsoft Security Advisory 955179 lists the following workarounds:
Disable the Microsoft Snapshot Viewer ActiveX control in Internet Explorer
Upgrade to Internet Explorer 7
Do not run Windows with administrator privileges
Disable ActiveX
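The first workaround above, disabling the control in Internet Explorer, is implemented by setting the IE "kill bit" (bit 0x400 of the Compatibility Flags value under the ActiveX Compatibility registry key) for the control's CLSIDs. The following PowerShell script is an added example written for this post; it is not from Microsoft or from the advisory. It audits whether the kill bit is already set for each CLSID in a list and, when run with -Set from an elevated prompt, applies it while preserving any other flags already present. The CLSIDs in the script are placeholders: substitute the ones listed in Microsoft Security Advisory 955179.

```powershell
# Added example, not code from the post or from Microsoft.
# Audits and optionally applies the Internet Explorer kill bit for a list of ActiveX CLSIDs.
# Run as: .\Set-KillBit.ps1          (audit only)
#         .\Set-KillBit.ps1 -Set     (apply, from an elevated prompt)
param(
    [switch]$Set
)

# PLACEHOLDER CLSIDs: replace with the Snapshot Viewer control CLSIDs from Advisory 955179.
$clsids = @(
    '{00000000-0000-0000-0000-000000000001}',
    '{00000000-0000-0000-0000-000000000002}'
)

# Bit 0x400 in "Compatibility Flags" tells IE never to instantiate the control.
$KillBit = 0x400
$base = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

foreach ($clsid in $clsids) {
    $key = Join-Path $base $clsid
    $current = 0
    if (Test-Path $key) {
        $item = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($item) { $current = [int]$item.'Compatibility Flags' }
    }
    $blocked = ($current -band $KillBit) -ne 0
    Write-Output ("{0} : kill bit {1}" -f $clsid, $(if ($blocked) { 'SET' } else { 'NOT set' }))

    if ($Set -and -not $blocked) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the kill bit into the existing flags rather than overwriting them.
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
        Write-Output ("{0} : kill bit applied" -f $clsid)
    }
}
```

Running the script without -Set is a safe way to verify across a fleet that the workaround is in place; the kill bit takes effect the next time Internet Explorer is started. On 64-bit Windows the 32-bit browser reads the same key under the Wow6432Node branch, so an audit that covers both views is more thorough than this single-path version.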