HTTP: Microsoft Access Snapshot Viewer ActiveX Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Snapshot Viewer for Microsoft Access. A successful attack can lead to arbitrary code execution.
Extended Description
Snapshot Viewer for Microsoft Access is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. This will facilitate a remote compromise. UPDATE (August 1, 2008): Symantec has observed in-the-wild attacks leveraging a new vector of attack for this issue. The newly discovered vector greatly increases the severity of the flaw because users who do not have the Snapshot Viewer control on their system can be forced to download the control without interaction and can then be exploited.
Affected Products
Microsoft access_2002
Short Name
HTTP:STC:ACTIVEX:SNAPVIEW-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access ActiveX CVE-2003-0665 CVE-2008-2463 Code Execution Microsoft Remote Snapshot Viewer bid:30114 bid:8536
Release Date
07/08/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5
6.8