Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)
With Microsoft Access Snapshot Viewer, you can distribute a snapshot of a Microsoft Access database that allows the snapshot to be viewed without having Access installed. For example, a customer may want to send a supplier an invoice that is generated by using an Access database.?With Microsoft Access Snapshot Viewer, the customer can package the database so that the supplier can view it and print it without having Access installed. By default, the Microsoft Access Snapshot Viewer is installed with all versions of Access and is also available as a separate stand-alone download. The Snapshot Viewer is implemented by using an ActiveX control.
A vulnerability exists because of a flaw in the way that Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can occur, which could allow an attacker to execute the code of their choice in the security context of the logged-on user.
For an attack to be successful, an attacker would have to persuade a user to visit a malicious Web site that is under the attacker's control.
Disclaimer: This webpage is intended to provide you information about patch announcements for certain specific software products. The information is provided "As Is" without warranty of any kind. The links provided point to pages on the vendors' websites. You can get more information by clicking the links to visit the relevant pages on the vendors' websites. Desktop Central is NOT endorsed by the vendors of the software products.