Description: A vulnerability has been identified in Microsoft Access Snapshot Viewer ActiveX control potentially allowing malicious HTML documents and Microsoft Access Snapshot files to cause a buffer overflow.
The problem is that Microsoft Access Snapshot Viewer doesn't verify certain parameters properly. This allows malicous people to create snapshot files, which may cause a buffer overflow and execute arbitrary code.
Since the vulnerability exists in a digitally signed ActiveX control this also affects any Internet Explorer, which allows execution of ActiveX. Any site or person may re-introduce this vulnerability until the next update for Internet Explorer, which will set the kill-bit on the vulnerable ActiveX component.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution: Secunia recommends that you disallow ActiveX for all sites and then only allow ActiveX on a "per site" basis.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
