SecurityTracker.com
Category:   Application (Database)  >   Microsoft Access
Vendors:   Microsoft
Microsoft Access Snapshot Viewer ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1007614
SecurityTracker URL:  http://securitytracker.com/id/1007614
CVE Reference:   CVE-2003-0665
Date:  Sep 3 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 97, 2000, 2002
Description:   A vulnerability was reported in the Microsoft Access Snapshot Viewer ActiveX control. A remote user can cause arbitrary code to be executed on the target user's computer.

It is reported that a remote user can create HTML that, when loaded by the target user, will invoke the ActiveX control and trigger a buffer overflow, executing arbitrary code with the privileges of the target user. This can be achieved by using a specific function in a specific manner.

The viewer is reportedly available with all versions of Access, but is not installed by default. The viewer is also available as a standalone application.

Microsoft credits Oliver Lavery with reporting this flaw.

Impact:   A remote user can execute arbitrary code on a target user's system with the privileges of the target user.
Solution:   The vendor has issued the following patches:

For Access 2002:

http://microsoft.com/downloads/details.aspx?FamilyId=B50D4863-1BBE-4009-9DF8-52D3A916D54F&displaylang=en

http://microsoft.com/office/ork/xp/journ/snpv1001a.htm (administrative update only)

For Access 2000:

http://microsoft.com/downloads/details.aspx?FamilyId=F6CB9C8E-16E3-422D-86DD-7ED5671FB8D4&displaylang=en

http://microsoft.com/office/ork/2000/journ/snpv0901.htm (administrative update only)

For Access 97:

Install the updated stand-alone Snapshot Viewer control, available at:

http://www.microsoft.com/AccessDev/Articles/snapshot.htm


The Microsoft Access 2002 patch can reportedly be installed on Microsoft Access 2002 with Office XP SP2 or, for the administrative update, on Office XP SP, as well. The Access 2000 patch can be installed on Microsoft Access 2000 with Office 2000 SP3. The updated stand-alone Snapshot Viewer control can be installed on all supported systems, according to the report.

A reboot is not required after applying this patch, the vendor stated.

Microsoft plans to issue Knowledge Base article 827104 regarding this issue, to be available shortly on the Microsoft Online Support web site:

http://search.support.microsoft.com/kb/c.asp?SD=SO&LN=EN-US

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-038.asp
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.microsoft.com/technet/security/bulletin/MS03-038.asp


http://www.microsoft.com/technet/security/bulletin/MS03-038.asp

Microsoft Security Bulletin MS03-038

Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)

Maximum Severity Rating: Moderate

CVE:  CAN-2003-0665

Affected Versions:

         * Microsoft Access 97
         * Microsoft Access 2000
         * Microsoft Access 2002


A vulnerability was reported in the Microsoft Access Snapshot Viewer ActiveX control.  A 
remote user can cause arbitrary code to be executed on the target user's computer.

It is reported that a remote user can create HTML that, when loaded by the target user, 
will invoke the ActiveX control and trigger a buffer overflow, executing arbitrary code 
with the privileges of the target user.  This can be achieved by using a specific function 
in a specific manner.

The viewer is reportedly available with all versions of Access, but is not installed by 
default.  The viewer is also available as a standalone application.

Microsoft credits Oliver Lavery with reporting this flaw.

The vendor has issued the following patches:

For Access 2002:

http://microsoft.com/downloads/details.aspx?FamilyId=B50D4863-1BBE-4009-9DF8-52D3A916D54F&displaylang=en

http://microsoft.com/office/ork/xp/journ/snpv1001a.htm (administrative update only)

For Access 2000:

http://microsoft.com/downloads/details.aspx?FamilyId=F6CB9C8E-16E3-422D-86DD-7ED5671FB8D4&displaylang=en

http://microsoft.com/office/ork/2000/journ/snpv0901.htm (administrative update only)

For Access 97:

Install the updated stand-alone Snapshot Viewer control, available at:

http://www.microsoft.com/AccessDev/Articles/snapshot.htm


The Microsoft Access 2002 patch can reportedly be installed on Microsoft Access 2002 with 
Office XP SP2 or, for the administrative update, on Office XP SP, as well.  The Access 
2000 patch can be installed on Microsoft Access 2000 with Office 2000 SP3.  The updated 
stand-alone Snapshot Viewer control can be installed on all supported systems, according 
to the report.

A reboot is not required after applying this patch, the vendor stated.

Microsoft plans to issue Knowledge Base article 827104 regarding this issue, to be 
available shortly on the Microsoft Online Support web site:

http://search.support.microsoft.com/kb/c.asp?SD=SO&LN=EN-US





 
 

