Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft Snapshot Viewer Security Advisory - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Snapshot Viewer Security Advisory

Microsoft earlier today released a Security Advisory which discusses a
remote code execution vulnerability in the ActiveX control for Snapshot
Viewer. The Snapshot Viewer ActiveX control enable the user to view an
Access report snapshot without having the standard or run-time version of
Microsoft Access.  This ActiveX control is shipped with all versions of
Microsoft Access with exception of Access 2007.

As this is a remote code execution issue, the attacker would have access
to run any code of their choosing at the same user rights as the logged-on
user.  So those users running with reduced privileges have a more limited
risk than those running with full administrator access.

Microsoft's advisory has several recommendations on how to set a kill bit.
As tomorrow is the normally scheduled Patch Tuesday, it is likely that an
appropriate update for the ActiveX control or a kill bit update will not
be released.   With that in mind, it is recommended that appropriate steps
be taken using group policy at the same time that you roll out the updates
to your environment.

For more information on the vulnerability, please see MS Security Advisory
955179 at


191 Posts
ISC Handler
Jul 7th 2008

Sign Up for Free or Log In to start participating in the conversation!