Content
(MS08-041) Microsoft Snapshot Viewer Arbitrary File Download and Install Vulnerability (955617)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- High
- CVE reference
- CVE-2008-2463,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Snapshot Viewer ,
- Access 2000,
- Access 2002,
- Access 2003,
- Summary
- A vulnerability in Microsoft Snapshot Viewer may allow for remote code-execution attacks.
Tab Navigation
Description
Snapshot Viewer is used to view snapshots create with Microsoft Access. A vulnerability in the Microsoft Snapshot Viewer ActiveX control, snapview.ocx, may allow for remote code-execution attacks. A specially crafted Web page could download files to the victim's machine. A user would have to visit a malicious Web site for an attack to occur.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (955617): http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-041) Microsoft Snapshot Viewer Arbitrary File Download and Install Vulnerability (955617)
- Signature identifier:
- 5996
- Release date:
- 7/10/2008
McAfee Intrushield
McAfee Intrushield is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HTTP: Microsoft Snapshot Viewer for Microsoft Access Code Execution
- Signature identifier:
- 0x4024A000
- Release date:
- 7/8/2008
- First released in:
- Sigset(s) 3.1.67, 4.1.30
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
- Signature identifier:
- 3933
- First released in:
- 2092
Additional Resources
Microsoft Security Bulletin: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
All Information
Timeline -
8/12/2008
Vendor has provided a patch.
Description -
Snapshot Viewer is used to view snapshots create with Microsoft Access. A vulnerability in the Microsoft Snapshot Viewer ActiveX control, snapview.ocx, may allow for remote code-execution attacks. A specially crafted Web page could download files to the victim's machine. A user would have to visit a malicious Web site for an attack to occur.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (955617): http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-041) Microsoft Snapshot Viewer Arbitrary File Download and Install Vulnerability (955617)
- Signature identifier:
- 5996
- Release date:
- 7/10/2008
McAfee Intrushield
McAfee Intrushield is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HTTP: Microsoft Snapshot Viewer for Microsoft Access Code Execution
- Signature identifier:
- 0x4024A000
- Release date:
- 7/8/2008
- First released in:
- Sigset(s) 3.1.67, 4.1.30
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
- Signature identifier:
- 3933
- First released in:
- 2092
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx
