Vigil@nce: Microsoft Access, remote code execution via snapshot viewer
August 2008 by Vigil@nce
SYNTHESIS
An attacker can create a malicious webpage; when the victim
opens it, code can be executed on his computer.
Gravity: 3/4
Consequences: privileged access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 13/08/2008
Identifier: VIGILANCE-VUL-8011
IMPACTED PRODUCTS
– Microsoft Access [confidential versions]
DESCRIPTION
Snapshot Viewer is used to display MS Office documents without
having the original versions.
Snapshot Viewer uses "snapview.ocx", which has two
attributes that can be diverted:
– "SnapshotPath", which defines the path to the file to display
– "CompressedPath", which defines the path to copy a file
An attacker can use these two attributes to download and copy a
malicious webpage in order to execute code.
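For defenders reviewing web content, the following added example (not part of the original bulletin, and not vendor code) flags HTML pages in which a single object element sets both attributes named above. It assumes the attributes are supplied as param children of an object element; the sample pages and their values are constructed placeholders, and attributes set from script are not covered.

```python
from html.parser import HTMLParser

# The two snapview.ocx attributes named in the advisory (compared lowercased).
WATCHED = {"snapshotpath", "compressedpath"}

class SnapviewParamScanner(HTMLParser):
    """Collects, per <object> element, which watched attributes a page sets."""

    def __init__(self):
        super().__init__()
        self._stack = []      # one entry per currently open <object>
        self.findings = []    # closed objects that set both attributes

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            self._stack.append({"line": self.getpos()[0], "params": {}})
        elif tag == "param" and self._stack:
            name = attrs.get("name", "").strip().lower()
            if name in WATCHED:
                self._stack[-1]["params"][name] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._stack:
            obj = self._stack.pop()
            # Displaying a snapshot needs only SnapshotPath; both together
            # is the combination the advisory describes.
            if WATCHED <= set(obj["params"]):
                self.findings.append(obj)

def scan(html):
    """Return the <object> elements that set both watched attributes."""
    scanner = SnapviewParamScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample pages; all values are placeholders.
SUSPICIOUS = """<html><body>
<object id="viewer">
  <param name="SnapshotPath" value="https://example.invalid/report.snp">
  <param name="CompressedPath" value="PLACEHOLDER-LOCAL-PATH">
</object></body></html>"""

VIEW_ONLY = """<html><body>
<object id="viewer">
  <param name="SnapshotPath" value="https://example.invalid/report.snp">
</object></body></html>"""

if __name__ == "__main__":
    for label, page in (("SUSPICIOUS", SUSPICIOUS), ("VIEW_ONLY", VIEW_ONLY)):
        print(label, scan(page))
```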
CHARACTERISTICS
Identifiers: 955617, CVE-2008-2463, MS08-041, VIGILANCE-VUL-8011