Status Tracking Note TRTA08-189A

Microsoft Office Snapshot Viewer ActiveX Vulnerability

Overview

An unpatched vulnerability in the Microsoft Office Snapshot Viewer ActiveX control is being used in attacks.

Event Information


Date (UTC) Description
2008-08-13 02:39 Microsoft
MS08-AUG: Microsoft Security Bulletin Summary for August 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-08-13 02:39 Microsoft
Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-041 to address this issue.
2008-08-01 21:03 Symantec
ThreatCON (1) => (2)
A new attack vector for the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability has been identified.
Symantec has observed in-the-wild attacks leveraging a new vector of attack for this issue. The newly discovered vector greatly increases the severity of the flaw because users who do not have the Snapshot Viewer control on their system can be forced to download the control without interaction and can then be exploited.
2008-07-09 10:38 Symantec Security Response Blog : Vulnerabilities & Exploits
Microsoft Access Snapshot Viewer Exploited in Neosploit Wrapper
On July 7, Microsoft released a Security Bulletin outlining a vulnerability in the Access Snapshot Viewer ActiveX control. On or about this date, our honeypots began detecting this vulnerability exploited in what I can only describe as a Neosploit wrapper.
2008-07-08 17:49 US-CERT
Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control
US-CERT Current Activity
Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.
2008-07-07 20:06 US-CERT
TA08-189A: Microsoft Office Snapshot Viewer ActiveX Vulnerability
Via US-CERT Mailing List
2008-07-07 19:13 SANS Internet Storm Center
Microsoft Snapshot Viewer Security Advisory
Microsoft earlier today released a Security Advisory which discusses a remote code execution vulnerability in the ActiveX control for Snapshot Viewer. The Snapshot Viewer ActiveX control enables the user to view an Access report snapshot without having the standard or run-time version of Microsoft Access.
2008-07-07 18:19 Microsoft
Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access.
2008-07-07 09:07 Microsoft Security Response Center Blog
Snapshot Viewer ActiveX Control Vulnerability
We've activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section.
2008-07-07 IBM Internet Security Systems
Microsoft ActiveX Snapshot Viewer for Microsoft Access RCE
Snapshot Viewer Vulnerability (CVE-2008-2463)
Microsoft ActiveX Snapshot Viewer for Microsoft Access could allow a remote attacker to execute arbitrary code on the system. Targeted active exploitation for this issue has been reported.

Reference

Date first published (UTC): 2008-07-12T21:16+00:00
Date last updated (UTC): 2008-08-15T06:50+00:00