JnCoKiLLa
Posted September 4, 2003

Title: Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)
Date: September 3, 2003
Software: Microsoft Access 97
          Microsoft Access 2000
          Microsoft Access 2002
Impact: Elevation of Privilege
Max Risk: Moderate
Bulletin: MS03-038

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/...in/MS03-038.asp
http://www.microsoft.com/security/security...ns/MS03-038.asp
--------------------------------------------------------------------

Issue:
======
With Microsoft Access Snapshot Viewer, you can distribute a snapshot of a Microsoft Access database that allows the snapshot to be viewed without having Access installed. For example, a customer may want to send a supplier an invoice that is generated by using an Access database. With Microsoft Access Snapshot Viewer, the customer can package the database so that the supplier can view it and print it without having Access installed.

The Microsoft Access Snapshot Viewer is available with all versions of Access - though it is not installed by default - and is also available as a separate stand-alone. The Snapshot Viewer is implemented by using an ActiveX control. A vulnerability exists because of a flaw in the way that Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can occur, which could allow an attacker to execute the code of their choice in the security context of the logged-on user.

For an attack to be successful, an attacker would have to persuade a user to visit a malicious Web site that is under the attacker's control.

Mitigating Factors:
====================
* The Microsoft Access Snapshot Viewer is not installed with Microsoft Office by default.
* An attacker would need to persuade a user to visit a website under the attacker's control for an attack to be successful.
* An attacker's code would run with the same permissions as the user. If a user's permissions were restricted the attacker would be similarly restricted.

Risk Rating:
============
- Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletins at
http://www.microsoft.com/technet/security/...in/MS03-038.asp
http://www.microsoft.com/security/security...bulletins/MS03-038.asp
for information on obtaining this patch.