Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:FEF8D8D9A1BEB3EF41ADE4CB6C427B5B
HistoryJul 11, 2008 - 12:00 a.m.

Microsoft Access Snapshot Viewer file download vulnerability

2008-07-1100:00:00
SAINT Corporation
download.saintcorporation.com
19

EPSS

0.97

Percentile

99.8%

JSON

Added: 07/11/2008
CVE: CVE-2008-2463
BID: 30144
OSVDB: 46749

Background

The Snapshot Viewer for Microsoft Access is used to display report snapshots without needing to fully invoke Access. It enables an ActiveX control in **snapview.ocx**.

Problem

The Snapshot Viewer ActiveX control allows remote files to be downloaded to arbitrary locations on the user’s computer. This could allow command execution by a malicious web page which downloads an executable file to the Startup folder. The file would then be executed the next time the user logs in.

Resolution

Set the kill bit on the ActiveX control as described in Microsoft Security Advisory 955179.

References

<http://www.kb.cert.org/vuls/id/837785&gt;

Limitations

Exploit requires a user to load the exploit page into Internet Explorer. The connection is established after the user logs out and logs in again.

Platforms

Windows

Related

nessus 1
saint 3
seebug 1
cve 1
d2 1
checkpoint_advisories 2
cert 1
packetstorm 1
openvas 2
securityvulns 2
cvelist 1
nvd 1
metasploit 1
exploitdb 2
prion 1
nessus
nessus
MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
2008-08-13 00:00:00
saint
saint
Microsoft Access Snapshot Viewer file download vulnerability
2008-07-11 00:00:00
Microsoft Access Snapshot Viewer file download vulnerability
2008-07-11 00:00:00
Microsoft Access Snapshot Viewer file download vulnerability
2008-07-11 00:00:00
seebug
seebug
Microsoft AccessεΏ«η…§ζŸ₯ηœ‹ε™¨ActiveXζŽ§δ»Άδ»»ζ„ζ–‡δ»ΆδΈ‹θ½½ζΌζ΄ž
2008-07-09 00:00:00
cve
cve
CVE-2008-2463
2008-07-07 23:41:00
d2
d2
DSquare Exploit Pack: D2SEC_SNPVW2
2008-07-07 23:41:00
checkpoint_advisories
checkpoint_advisories
Microsoft Access Snapshot Viewer ActiveX Control Arbitrary File Download (CVE-2008-2463)
2008-07-08 00:00:00
Microsoft Access Snapshot Viewer ActiveX Control Arbitrary File Download - Ver2 (CVE-2008-2463)
2014-03-31 00:00:00
cert
cert
Microsoft Office Snapshot Viewer ActiveX control race condition
2008-07-07 00:00:00
packetstorm
packetstorm
Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
2009-11-26 00:00:00
openvas
openvas
Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
2008-08-19 00:00:00
Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
2008-08-19 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-041 – Critical Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution &#40;955617&#41;
2008-08-12 00:00:00
Microsoft Access ActiveX file download
2008-08-12 00:00:00
cvelist
cvelist
CVE-2008-2463
2008-07-07 23:00:00
nvd
nvd
CVE-2008-2463
2008-07-07 23:41:00
metasploit
metasploit
Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
2008-10-01 22:40:57
exploitdb
exploitdb
Microsoft Access - &#039;Snapview.ocx 10.0.5529.0&#039; ActiveX Remote File Download
2008-07-24 00:00:00
Snapshot Viewer for Microsoft Access - ActiveX Control Arbitrary File Download (Metasploit)
2010-09-20 00:00:00
prion
prion
Code injection
2008-07-07 23:41:00

EPSS

0.97

Percentile

99.8%

JSON
Related for SAINT:FEF8D8D9A1BEB3EF41ADE4CB6C427B5B
nessus1saint3seebug1cve1d21checkpoint_advisories2cert1packetstorm1openvas2securityvulns2cvelist1nvd1metasploit1exploitdb2prion1