Vigil@nce: Microsoft Access, remote code execution via snapshot viewer
August 2008 by Vigil@nce
An attacker can create a malicious webpage; when the victim opens it, code could be executed on the victim's computer.
Consequences: privileged access/rights
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 13/08/2008
Microsoft Access [confidential versions]
Snapshot Viewer is used to display MS Office documents without having the original versions.
Snapshot Viewer uses "snapview.ocx", which has two attributes that can be misused:
"SnapshotPath", which defines the path to the file to display
"CompressedPath", which defines the path to which a file is copied
An attacker can use these two attributes to download and copy a malicious webpage in order to execute code.
Identifiers: 955617, CVE-2008-2463, MS08-041, VIGILANCE-VUL-8011
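
One way a web proxy or mail gateway could flag pages that set both attributes described above, as an added example (not part of the original advisory or of any vendor tooling). The class and function names and the sample HTML are constructed for illustration; the samples carry placeholder values and no class identifier.

```python
import re
from html.parser import HTMLParser

# Property names taken from the advisory; matching is case-insensitive.
WATCHED = ("snapshotpath", "compressedpath")
# Script-side assignment such as obj.SnapshotPath = ... (but not a == comparison).
ASSIGN_RE = re.compile(r"\.\s*(snapshotpath|compressedpath)\s*=(?!=)", re.I)


class SnapviewScanner(HTMLParser):
    """Collects which watched properties a page sets, and by which mechanism."""

    def __init__(self):
        super().__init__()
        self.hits = {}            # property name -> {"param", "script"}
        self._in_script = False

    def _record(self, name, how):
        self.hits.setdefault(name.lower(), set()).add(how)

    def handle_starttag(self, tag, attrs):
        name = (dict(attrs).get("name") or "").lower()
        if tag == "script":
            self._in_script = True
        elif tag == "param" and name in WATCHED:
            self._record(name, "param")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for match in ASSIGN_RE.finditer(data):
                self._record(match.group(1), "script")


def scan(html):
    """Return (flagged, hits); flagged is True only when both properties are set."""
    scanner = SnapviewScanner()
    scanner.feed(html)
    scanner.close()
    return all(name in scanner.hits for name in WATCHED), scanner.hits


# Constructed sample pages (placeholder values only).
SAMPLE_PARAMS = ('<object id="viewer"><param name="SnapshotPath" value="PLACEHOLDER">'
                 '<PARAM NAME="compressedpath" VALUE="PLACEHOLDER"></object>')
SAMPLE_SCRIPT = ('<script>viewer.SnapshotPath = "PLACEHOLDER"; '
                 'viewer.CompressedPath = "PLACEHOLDER";</script>')
SAMPLE_VIEW_ONLY = '<object id="viewer"><param name="SnapshotPath" value="PLACEHOLDER"></object>'
```

A page that only sets "SnapshotPath" is not flagged, since that alone is ordinary viewer use; the combination of both attributes is what the advisory describes.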