Snapshot Viewer ActiveX Control Vulnerability



Hi. Bill here.


 


I want to let you know that we have just posted Microsoft Security Advisory 955179, which contains information regarding active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access.


 


The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access.


 


The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.


 


We’ve activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section.


 


We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors.


 


While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.


 


Thanks,


 


Bill Sisk


 


*This posting is provided “AS IS” with no warranties, and confers no rights.*


Comments (6)

  1. Anonymous says:

    Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote

  2. Anonymous says:

    Cybercriminals are exploiting a bug in software used by Microsoft's Access database program in a

  3. Anonymous says:

    Microsoft has released an advisory for a MS Access remote code-execution vulnerability. The flaw lies

  4. Anonymous says:

    Symantec found an exploit case of Access Snapshot Viewer ActiveX Vulnerability that took advantage of

  5. Anonymous says:

    (Never ending story…) We arrived a bit early at the office the other day. It was a beautiful sunny