ActiveX Exploit for Microsoft Access Snapshot Viewer
By Jason • Jul 7th, 2008 • Category: Vulnerability Management
Microsoft released an advisory for targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access.
This vulnerability exists due to an unspecified error in the Snapshot ActiveX control (snapview.ocx). An unauthenticated, remote attacker could exploit this vulnerability by crafting an HTML document and convincing a user to view the crafted document. An exploit could allow the attacker to download arbitrary files to the affected system in the security context of the user who is running the browser.
MS Advisory: http://www.microsoft.com/technet/security/advisory/955179.mspx
This affects all machines with Access versions prior to 2007, including the viewer. If exploitation is widespread, consider setting killbits.
For setting killbits, here are the CLSIDs of the ActiveX controls:
- F0E42D50-368C-11D0-AD81-00A0C90DC8D9
- F0E42D60-368C-11D0-AD81-00A0C90DC8D9
- F2175210-368C-11D0-AD81-00A0C90DC8D9
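As an added example (not part of the original post or of Microsoft's advisory), the PowerShell script below sets and audits the killbit for the three CLSIDs above. It uses the `Compatibility Flags` value of 0x400 under the `ActiveX Compatibility` registry key described in KB 240797; the `-AuditOnly` switch and the output column names are assumptions of this sketch.

```powershell
# Added example: set or audit the kill bit for the Snapshot Viewer CLSIDs.
# Run elevated. Pass -AuditOnly (hypothetical switch name) to report without changing anything.
param([switch]$AuditOnly)

$KillBit  = 0x400                    # bit in "Compatibility Flags" that blocks loading in IE
$FlagName = 'Compatibility Flags'
$Clsids = @(
    '{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}',
    '{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}',
    '{F2175210-368C-11D0-AD81-00A0C90DC8D9}'
)
# Native view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    # Skip a registry view that does not exist on this machine (e.g. 32-bit Windows).
    if (-not (Test-Path (Split-Path $root -Parent))) { continue }

    foreach ($clsid in $Clsids) {
        $key     = Join-Path $root $clsid
        $current = 0
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $FlagName -ErrorAction SilentlyContinue
            if ($prop) { $current = $prop.$FlagName }
        }

        $isSet = ($current -band $KillBit) -eq $KillBit
        if (-not $isSet -and -not $AuditOnly) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags already present are preserved.
            $current = $current -bor $KillBit
            Set-ItemProperty -Path $key -Name $FlagName -Value $current -Type DWord
            $isSet = $true
        }

        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $current
            KillBitSet = $isSet
        }
    }
}
```

Running it with `-AuditOnly` across a fleet gives a quick list of machines where any of the three keys still reports `KillBitSet = False`.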
Additional Information:
- More on setting killbits: http://support.microsoft.com/kb/240797
- US-CERT: http://www.kb.cert.org/vuls/id/837785
- SANS: http://isc.sans.org/diary.html?storyid=4672
*UPDATE: Symantec recommends blocking 83.149.98.139
