Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2008-2463
Last Modified 12 Sep 2012 10:29:04
Published 07 Jul 2008 07:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2463

Summary

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Microsoft Office Snapshot Viewer ActiveX Office 2003

  • Microsoft Office Snapshot Viewer ActiveX Office XP

  • Microsoft Office Snapshot Viewer ActiveX Office 2000


References

CERT - TA08-225A

CERT - TA08-189A

CERT-VN - VU#837785

XF - microsoft-snapshotviewer-code-execution(43613)

VUPEN - ADV-2008-2012

SECTRACK - 1020433

BID - 30114

CONFIRM - http://www.microsoft.com/technet/security/advisory/955179.mspx

SECUNIA - 30883

HP - SSRT080117

MILW0RM - 6124

HP - HPSBST02360

Related Patches

MS08-041 955617 955440 (English/MUI) Security Update for Microsoft Access 2002 (Rev 2)

MS08-041 955617 955439 (English/MUI) Security Update for Microsoft Access 2003 (Rev 3)


Last Updated: 27 May 2016 11:00:34