Executive Summary
Summary | |
---|---|
Title | Microsoft Office Snapshot Viewer ActiveX Vulnerability |
Informations | |||
---|---|---|---|
Name | TA08-189A | First vendor Publication | 2008-07-07 |
Vendor | US-CERT | Last vendor Modification | 2008-07-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
An unpatched vulnerability in the Microsoft Office Snapshot Viewer ActiveX control is being used in attacks. I. Description Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. II. Impact A remote, unauthenticated attacker could execute arbitrary code. III. Solution Apply workarounds Microsoft has provided workarounds for this vulnerability in Security Advisory (955179). Additional details and workarounds are provided in US-CERT Vulnerability Note VU#837785. The most effective workaround for this vulnerability is to set kill bits for the Snapshot Viewer ActiveX control, as outlined in the documents noted above. Other workarounds include disabling ActiveX, as specified in the Securing Your Web Browser document, and upgrading to Internet Explorer 7, which can help mitigate the vulnerability with its ActiveX opt-in feature. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-189A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6120 | |||
Oval ID: | oval:org.mitre.oval:def:6120 | ||
Title: | Snapshot Viewer Arbitrary File Download Vulnerability | ||
Description: | The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2463 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Access 2000 Microsoft Access 2002 Microsoft Access 2003 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Access Snapshot Viewer file download vulnerability | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-08-19 | Name : Microsoft Access Snapshot Viewer ActiveX Control Vulnerability File : nvt/secpod_ms_access_snapshot_viewer_actvx_vuln_900004.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46749 | Microsoft Access Snapshot Viewer ActiveX (snapview.ocx) PrintSnapshot Method ... A code execution flaw exists in Office. The Access Snapshot Viewer ActiveX control fails to validated unspecified content when saving files resulting in a code execution. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-08-14 | IAVM : 2008-A-0056 - Microsoft Office Access Snapshot Viewer ActiveX Control Vulnerability Severity : Category I - VMSKEY : V0016740 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Snapshot Viewer General Property Page Object ActiveX clsid unicode access RuleID : 7982 - Revision : 11 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 7981 - Revision : 19 - Type : BROWSER-PLUGINS |
2017-08-23 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 43606 - Revision : 3 - Type : BROWSER-PLUGINS |
2017-08-23 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 43605 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access RuleID : 27793 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 27792 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 27791 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 27790 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 27789 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access RuleID : 27788 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Access Snapshot Viewer 2 ActiveX function call unicode access RuleID : 13910 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer 2 ActiveX function call access RuleID : 13909 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer 2 ActiveX clsid unicode access RuleID : 13908 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 13907 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer 1 ActiveX function call unicode access RuleID : 13906 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 13905 - Revision : 18 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer 1 ActiveX clsid unicode access RuleID : 13904 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 13903 - Revision : 15 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-08-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-041.nasl - Type : ACT_GATHER_INFO |