• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Access Snapshot Viewer ActiveX Control Parameter Buffer Overflow Vulnerability

Solution:
Microsoft has released fixes. This fix does not set the kill bit on the affected ActiveX control. The vendor has reported that a kill bit will be issued for the old affected control in a forthcoming Internet Explorer security patch. The vendor advises customers who are running Access 97 and the standalone Snapshot Viewer to install the updated standalone Snapshot Viewer. See the references for details.


Microsoft Access 97

• Microsoft Stand-alone Snapshot Viewer
  http://www.microsoft.com/AccessDev/Articles/snapshot.htm

Microsoft Access 2000 SP3

• Microsoft office2000-kb826292-client-enu.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=F6CB9C8E-16E3 -422D-86DD-7ED5671FB8D4&displaylang=en

Microsoft Access 2002 SP2

• Microsoft officexp-kb826293-fullfile-enu.exe
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B50D4863-1BBE -4009-9DF8-52D3A916D54F&displaylang=en