[sec-adv] Microsoft Access Snapshot Viewer Buffer Overflow

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Sep 03 2003 - 16:02:14 CDT


TITLE:
Microsoft Access Snapshot Viewer Buffer Overflow

SECUNIA ADVISORY ID:
SA9668

VERIFY ADVISORY:
http://www.secunia.com/advisories/9668/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Access Snapshot Viewer
Microsoft Access 97
Microsoft Access 2000
Microsoft Access 2002
Microsoft Internet Explorer 6
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.01

DESCRIPTION:
A vulnerability has been identified in the Microsoft Access Snapshot
Viewer ActiveX control, potentially allowing malicious HTML documents
and Microsoft Access Snapshot files to cause a buffer overflow.

The problem is that Microsoft Access Snapshot Viewer doesn't verify
certain parameters properly. This allows malicious people to create
snapshot files, which may cause a buffer overflow and execute
arbitrary code.

Since the vulnerability exists in a digitally signed ActiveX control,
it also affects any Internet Explorer installation that allows
execution of ActiveX. Any site or person may re-introduce this
vulnerability until the next update for Internet Explorer, which will
set the kill-bit on the vulnerable ActiveX component.
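
The kill-bit referred to above is a registry setting: bit 0x400 of the
"Compatibility Flags" DWORD under Internet Explorer's "ActiveX
Compatibility" key for the control's CLSID. The PowerShell check below is
an added example, not part of the Secunia advisory; the CLSID is a
placeholder because the advisory does not list it, and the function name
Get-KillBitState is hypothetical.

```powershell
# Added example: report whether the IE kill bit is set for an ActiveX control.
# The default CLSID is a PLACEHOLDER; take the real value from the vendor
# bulletin for the control being audited. Run from a 64-bit PowerShell session
# on 64-bit Windows so both registry views are visible.
param(
    [string[]]$Clsid = @('{00000000-0000-0000-0000-000000000000}')  # placeholder
)

$KillBit = 0x400   # flag that stops Internet Explorer instantiating the control
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # View used by 32-bit Internet Explorer on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$Root, [string]$Id)
    $key   = Join-Path $Root $Id
    $state = [pscustomobject]@{ Key = $key; Flags = $null; KillBitSet = $false; Note = '' }
    if (-not (Test-Path -LiteralPath $key)) {
        $state.Note = 'no compatibility key'
        return $state
    }
    $prop  = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    $flags = $prop.'Compatibility Flags'
    if ($null -eq $flags) {
        $state.Note = 'key present, no flags value'
        return $state
    }
    $state.Flags      = '0x{0:X8}' -f $flags
    $state.KillBitSet = (($flags -band $KillBit) -ne 0)
    return $state
}

$results = foreach ($id in $Clsid) {
    if ($id -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        Write-Warning "Skipping malformed CLSID: $id"
        continue
    }
    foreach ($root in $Roots) {
        if (Test-Path -LiteralPath $root) { Get-KillBitState -Root $root -Id $id }
    }
}
$results | Format-Table -AutoSize
# Exit non-zero if any registry view lacks the kill bit, so a compliance job can act on it.
if ($results | Where-Object { -not $_.KillBitSet }) { exit 1 }
```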

SOLUTION:
Secunia recommends that you disallow ActiveX for all sites and then
only allow ActiveX on a "per site" basis.

Access 2002:
http://microsoft.com/downloads/details.aspx?FamilyId=B50D4863-1BBE-4009-9DF8-52D3A916D54F&displaylang=en
http://microsoft.com/office/ork/xp/journ/snpv1001a.htm
(administrative update only)

Access 2000:
http://microsoft.com/downloads/details.aspx?FamilyId=F6CB9C8E-16E3-422D-86DD-7ED5671FB8D4&displaylang=en.
http://microsoft.com/office/ork/2000/journ/snpv0901.htm
(administrative update only)

Access 97:
Install the updated stand-alone Snapshot Viewer control:
http://www.microsoft.com/AccessDev/Articles/snapshot.htm

Stand-alone Snapshot Viewer Control:
http://www.microsoft.com/AccessDev/Articles/snapshot.htm

REPORTED BY / CREDITS:
Oliver Lavery

ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/bulletin/MS03-038.asp

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
