Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability

Snapshot Viewer for Microsoft Access is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer.

Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. This will facilitate a remote compromise.

UPDATE (August 1, 2008): Symantec has observed in-the-wild attacks leveraging a new vector of attack for this issue. The newly discovered vector greatly increases the severity of the flaw because users who do not have the Snapshot Viewer control on their system can be forced to download the control without interaction and can then be exploited.


 

Privacy Statement
Copyright 2010, SecurityFocus