Microsoft warns of "active, targeted" ActiveX control attacks

Summary:Microsoft has issued a pre-patch security advisory to warn about "active, targeted attacks" against an ActiveX control for the  Snapshot Viewer for Microsoft Access.The skinny:An attacker could exploit the vulnerability by constructing a specially crafted Web page.

Microsoft has issued a pre-patch security advisory to warn about "active, targeted attacks" against an ActiveX control for the  Snapshot Viewer for Microsoft Access.

The skinny:

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

The advisory contains information on setting the killbit to avoid the attack.  More information in this US-CERT advisory.

Topics: Software, Collaboration, Microsoft, Security, Software Development

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.