Signature Detail

HTTP: Microsoft Access Snapshot Viewer ActiveX Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Snapshot Viewer for Microsoft Access. A successful attack can lead to arbitrary code execution.

Extended Description

Snapshot Viewer for Microsoft Access is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. This will facilitate a remote compromise. UPDATE (August 1, 2008): Symantec has observed in-the-wild attacks leveraging a new vector of attack for this issue. The newly discovered vector greatly increases the severity of the flaw because users who do not have the Snapshot Viewer control on their system can be forced to download the control without interaction and can then be exploited.

Affected Products

• Microsoft Access 2000 SP2
• Microsoft Access 2000 SP3
• Microsoft Access 2000 SR1
• Microsoft Access 2000
• Microsoft Access 2002 SP1
• Microsoft Access 2002 SP2
• Microsoft Access 2002 SP3
• Microsoft Access 2002
• Microsoft Access 2003 SP2
• Microsoft Access 2003 SP3
• Microsoft Access 2003
• Microsoft Snapshot Viewer for Microsoft Access

References

• BugTraq: 8536
• BugTraq: 30114
• CVE: CVE-2003-0665
• CVE: CVE-2008-2463