A vulnerability has been identified in Microsoft Access Snapshot Viewer ActiveX control potentially allowing malicious HTML documents and Microsoft Access Snapshot files to cause a buffer overflow.
The problem is that Microsoft Access Snapshot Viewer doesn't verify certain parameters properly. This allows malicous people to create snapshot files, which may cause a buffer overflow and execute arbitrary code.
Since the vulnerability exists in a digitally signed ActiveX control this also affects any Internet Explorer, which allows execution of ActiveX. Any site or person may re-introduce this vulnerability until the next update for Internet Explorer, which will set the kill-bit on the vulnerable ActiveX component.
Solution: Secunia recommends that you disallow ActiveX for all sites and then only allow ActiveX on a "per site" basis.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Access Snapshot Viewer Buffer Overflow
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.