Snapshot Viewer ActiveX Control Vulnerability

Hi. Bill here.


I want to let you know that we have just posted Microsoft Security Advisory 955179, which contains information regarding active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access.


The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access.


The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.


We’ve activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section.


We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors.


While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.




Bill Sisk


*This posting is provided “AS IS” with no warranties, and confers no rights.*