Symantec ThreatCON (1) => (2) A new attack vector for the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability has been identified.
Symantec has observed in-the-wild attacks leveraging a new vector of attack for this issue. The newly discovered vector greatly increases the severity of the flaw because users who do not have the Snapshot Viewer control on their system can be forced to download the control without interaction and can then be exploited.
2008-07-09 10:38
Symantec Security Response Blog : Vulnerabilities & Exploits Microsoft Access Snapshot Viewer Exploited in Neosploit Wrapper On July 7, Microsoft released a Security Bulletin outlining a vulnerability in the Access Snapshot Viewer ActiveX control. On or about this date, our honeypots began detecting this vulnerability exploited in what I can only describe as a Neosploit wrapper.
2008-07-08 17:49
US-CERT Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control US-CERT Current Activity
Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.
SANS Internet Storm Center Microsoft Snapshot Viewer Security Advisory Microsoft earlier today released a Security Advisory which discusses a remote code execution vulnerability in the ActiveX control for Snapshot Viewer. The Snapshot Viewer ActiveX control enable the user to view an Access report snapshot without having the standard or run-time version of Microsoft Access.
Microsoft Security Response Center Blog Snapshot Viewer ActiveX Control Vulnerability We've activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section.
2008-07-07
IBM Internet Security Systems Microsoft ActiveX Snapshot Viewer for Microsoft Access RCE Snapshot Viewer Vulnerability (CVE-2008-2463)
Microsoft ActiveX Snapshot Viewer for Microsoft Access could allow a remote attacker to execute arbitrary code on the system. Targeted active exploitation for this issue has been reported.