Links

Other Posts

 


Microsoft Access Snapshot Viewer ActiveX Vulnerability

Posted on July 8th, 2008 by Ryan Spanier

GSA Reference Number: AD080708-01

Simply Put: Microsoft Access included with Microsoft Office 2000 through 2003, including Office XP, is vulnerable to remote exploitation through Internet Explorer.  If a user with MS Access installed browses to a malicious website, arbitrary files could be copied to the users machine. The vulnerability can be used to run malicious code on a user’s machine without notification or permission. Gladiator feels this issue is extremely critical.

Attack Details: Vulnerable versions of Microsoft Access include an ActiveX control called snapview.ocx.  This controller is used to view Access documents through Internet Explorer without having to open Access.  This is a remote code execution vulnerability, so an attacker can run any piece of code he desires if a user browses to a malicious website that calls snapview.ocx.  This vulnerability is currently being exploited.

Countermeasures: Users should be reminded not to visit untrusted websites nor to click on links to pages they have never visited. Keep checking the links below for information on when a patch will be available. Once a patch is available, be sure to have all users install it throughout the organization.

Users do have an option to disable this ActiveX controller using Internet Explorer Kill Bits.  This requires editing the registry.  Microsoft has posted detailed instructions on how to disable the specific kill bits for this vulnerability.  Please refer to the Microsoft Security Article linked below.

Users also have the option of using a different web browser than Internet Explorer, including Opera and Firefox.  These browsers do not take advantage of ActiveX controls and so are not vulnerable to this attack.

Reference Links:

Tags: , , ,


Reader Comments

Sorry, comments are closed.