New
Category: Home > General Software > Microsoft Office
A security vulnerability exists in the Microsoft Access 97, 2000 and 2002 Snapshot Viewer which could allow an attacker to execute code of their choice by persuading a user to open an affected document
Issue
With Microsoft Access Snapshot Viewer, you can distribute a snapshot of a Microsoft Access database that allows the snapshot to be viewed without having Access installed. For example, a customer may want to send a supplier an invoice that is generated by using an Access database. With Microsoft Access Snapshot Viewer, the customer can package the database so that the supplier can view it and print it without having Access installed. The Microsoft Access Snapshot Viewer is available with all versions of Access - though it is not installed by default - and is also available as a separate stand-alone download. The Snapshot Viewer is implemented by using an ActiveX control.
A vulnerability exists because of a flaw in the way that Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can occur, which could allow an attacker to execute the code of their choice in the security context of the logged-on user.
For an attack to be successful, an attacker would have to persuade a user to visit a malicious Web site that is under the attackers control.
Affected Products
Microsoft Access 97
Microsoft Access 2000
Microsoft Access 2002
Download
Software patches are available from the following locations:
Further Details
Source:
Reference:
Updated: September 3, 2003
Updated: September 4, 2003
| 
Registry
Features
