cvelistv5 - cve-2008-2463

CVE-2008-2463 (GCVE-0-2008-2463)

Vulnerability from cvelistv5

Published

2008-07-07 23:00

Modified

2024-08-07 09:05

Severity ?

CWE

Summary

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA08-189A.html	third-party-advisory, x_refsource_CERT
	http://www.exploit-db.com/exploits/6124	exploit, x_refsource_EXPLOIT-DB
	http://www.us-cert.gov/cas/techalerts/TA08-225A.html	third-party-advisory, x_refsource_CERT
	http://www.vupen.com/english/advisories/2008/2012/references	vdb-entry, x_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=121915960406986&w=2	vendor-advisory, x_refsource_HP
	http://www.microsoft.com/technet/security/advisory/955179.mspx	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=121915960406986&w=2	vendor-advisory, x_refsource_HP
	http://www.kb.cert.org/vuls/id/837785	third-party-advisory, x_refsource_CERT-VN
	http://secunia.com/advisories/30883	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120	vdb-entry, signature, x_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilities/43613	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/30114	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id?1020433	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:05:28.335Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA08-189A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-189A.html"
          },
          {
            "name": "6124",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/6124"
          },
          {
            "name": "TA08-225A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
          },
          {
            "name": "ADV-2008-2012",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2012/references"
          },
          {
            "name": "HPSBST02360",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/955179.mspx"
          },
          {
            "name": "SSRT080117",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
          },
          {
            "name": "VU#837785",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/837785"
          },
          {
            "name": "30883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30883"
          },
          {
            "name": "oval:org.mitre.oval:def:6120",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120"
          },
          {
            "name": "microsoft-snapshotviewer-code-execution(43613)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43613"
          },
          {
            "name": "30114",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30114"
          },
          {
            "name": "1020433",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "TA08-189A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-189A.html"
        },
        {
          "name": "6124",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/6124"
        },
        {
          "name": "TA08-225A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
        },
        {
          "name": "ADV-2008-2012",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2012/references"
        },
        {
          "name": "HPSBST02360",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/955179.mspx"
        },
        {
          "name": "SSRT080117",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
        },
        {
          "name": "VU#837785",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/837785"
        },
        {
          "name": "30883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30883"
        },
        {
          "name": "oval:org.mitre.oval:def:6120",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120"
        },
        {
          "name": "microsoft-snapshotviewer-code-execution(43613)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43613"
        },
        {
          "name": "30114",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30114"
        },
        {
          "name": "1020433",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020433"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2008-2463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA08-189A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-189A.html"
            },
            {
              "name": "6124",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/6124"
            },
            {
              "name": "TA08-225A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
            },
            {
              "name": "ADV-2008-2012",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2012/references"
            },
            {
              "name": "HPSBST02360",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/955179.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/955179.mspx"
            },
            {
              "name": "SSRT080117",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121915960406986\u0026w=2"
            },
            {
              "name": "VU#837785",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/837785"
            },
            {
              "name": "30883",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30883"
            },
            {
              "name": "oval:org.mitre.oval:def:6120",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120"
            },
            {
              "name": "microsoft-snapshotviewer-code-execution(43613)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43613"
            },
            {
              "name": "30114",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30114"
            },
            {
              "name": "1020433",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020433"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2008-2463",
    "datePublished": "2008-07-07T23:00:00.000Z",
    "dateReserved": "2008-05-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:05:28.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-ALE-009

Vulnerability from certfr_alerte

Une vulnérabilité dans le contrôle ActiveX du Snapshot Viewer for Microsoft Access permet à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité a été identifiée dans le contrôle ActiveX snapview.ocx de Snapshot Viewer for Microsoft Access. Celle-ci peut être exploitée par une personne malintentionnée qui peut ainsi télécharger des fichiers dans des répertoires arbitraires d'une machine vulnérable, en incitant la victime à visiter une page web spécialement conçue.

Le contrôle ActiveX est signé par Microsoft et installé par défaut avec les versions 2000, XP, et 2003 de Microsoft Office Access.

La vulnérabilité est actuellement exploitée.

Contournement provisoire

Le contrôle ActiveX vulnérable peut être désactivé dans la base de registre :

Exécuter regedit.exe, puis accéder à la clé suivante :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
{F0E42D50-368C-11D0-AD81-00A0C90DC8D9} et mettre la valeur « Compatibility Flags » à 00000400.

Faire de même pour les CLSID suivants :
{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}
{F2175210-368C-11D0-AD81-00A0C90DC8D9}

Le CERTA recommande également les actions suivantes :

utiliser un navigateur alternatif tel que Mozilla Firefox, Opera, Safari, Kmeleon, etc.;
mettre à jour vers Internet Explorer 7, cocher le choix « Demander » dans l'option « Exécuter les contrôles ActiveX et les plugins », ou désactiver l'exécution des contrôles ActiveX ;
naviguer en utilisant un compte d'utilisateur aux droits limités ;
naviguer sur des sites de confiance.

Solution

Se référer au bulletin de sécurité MS08-041 de Microsoft pour l'obtention des correctifs (cf. section Documentation). Ce dernier est présenté dans l'avis CERTA-2008-AVI-413.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office Access 2003.
Microsoft	Office	Microsoft Office Access XP ;
Microsoft	Office	Microsoft Office Access 2000 ;
Microsoft	N/A	Snapshot Viewer for Microsoft Access ;

References

Title

Publication Time

Tags

Bulletin Microsoft 955179 du 07 juillet 2008	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#837785 du 07 juillet 2008 :	-	other
Avis du CERTA CERTA-2008-AVI-413 du 13 août 2008 :	-	other
Bulletin de sécurité Microsoft 955179 du 07 juillet 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office Access 2003.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Access XP ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Access 2000 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Snapshot Viewer for Microsoft Access ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2008-08-13",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX snapview.ocx\nde Snapshot Viewer for Microsoft Access. Celle-ci peut \u00eatre exploit\u00e9e\npar une personne malintentionn\u00e9e qui peut ainsi t\u00e9l\u00e9charger des fichiers\ndans des r\u00e9pertoires arbitraires d\u0027une machine vuln\u00e9rable, en incitant\nla victime \u00e0 visiter une page web sp\u00e9cialement con\u00e7ue.\n\nLe contr\u00f4le ActiveX est sign\u00e9 par Microsoft et install\u00e9 par d\u00e9faut avec\nles versions 2000, XP, et 2003 de Microsoft Office Access.\n\nLa vuln\u00e9rabilit\u00e9 est actuellement exploit\u00e9e.\n\n## Contournement provisoire\n\nLe contr\u00f4le ActiveX vuln\u00e9rable peut \u00eatre d\u00e9sactiv\u00e9 dans la base de\nregistre :\n\n  \n\nEx\u00e9cuter regedit.exe, puis acc\u00e9der \u00e0 la cl\u00e9 suivante :  \n`HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet  Explorer\\ActiveX Compatibility\\`  \n`{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}` et mettre la valeur \u00ab\nCompatibility Flags \u00bb \u00e0 00000400.\n\nFaire de m\u00eame pour les CLSID suivants :  \n`{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}`  \n`{F2175210-368C-11D0-AD81-00A0C90DC8D9}`\n\n  \n\nLe CERTA recommande \u00e9galement les actions suivantes :\n\n-   utiliser un navigateur alternatif tel que Mozilla Firefox, Opera,\n    Safari, Kmeleon, etc.;\n-   mettre \u00e0 jour vers Internet Explorer 7, cocher le choix \u00ab Demander \u00bb\n    dans l\u0027option \u00ab Ex\u00e9cuter les contr\u00f4les ActiveX et les plugins \u00bb, ou\n    d\u00e9sactiver l\u0027ex\u00e9cution des contr\u00f4les ActiveX ;\n-   naviguer en utilisant un compte d\u0027utilisateur aux droits limit\u00e9s ;\n-   naviguer sur des sites de confiance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-041 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation). Ce dernier est\npr\u00e9sent\u00e9 dans l\u0027avis CERTA-2008-AVI-413.\n",
  "cves": [
    {
      "name": "CVE-2008-2463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2463"
    }
  ],
  "initial_release_date": "2008-07-08T00:00:00",
  "last_revision_date": "2008-08-13T00:00:00",
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#837785 du 07 juillet    2008 :",
      "url": "http://www.kb.cert.org/vuls/id/837785"
    },
    {
      "title": "Avis du CERTA CERTA-2008-AVI-413 du 13 ao\u00fbt 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-413/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 955179 du 07 juillet 2008 :",
      "url": "http://www.microsoft.com/technet/security/advisory/955179.mspx"
    }
  ],
  "reference": "CERTA-2008-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-08T00:00:00.000000"
    },
    {
      "description": "publication du correctif par Microsoft.",
      "revision_date": "2008-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le contr\u00f4le \u003cspan class=\"textit\"\u003eActiveX\u003c/span\u003e\ndu \u003cspan class=\"textit\"\u003eSnapshot Viewer for Microsoft Access\u003c/span\u003e\npermet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Access Snapshot Viewer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft 955179 du 07 juillet 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-413

Vulnerability from certfr_avis

Une vulnérabilité a été identifiée dans le contrôle ActiveX Snapshot Viewer de Microsoft Access. Elle a fait l'objet de l'alerte CERTA-2008-ALE-009 le 08 juillet 2008.

Description

Une vulnérabilité a été identifiée dans le contrôle ActiveX Snapshot Viewer de Microsoft Access. Ce dernier est installé par défaut avec la suite bureautique Microsoft Office. Cette vulnérabilité est exploitable par le biais d'une page Web spécialement construite par exemple afin d'exécuter du code arbitraire à distance sur un système vulnérable.

Solution

Se référer au bulletin de sécurité MS08-041 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Mise à jour du 15 octobre 2008 : Microsoft a ajouté dans son bulletin de sécurité un lien pour le correctif de la version autonome de Microsoft Access Snapshot Viewer.

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office 2003.
Microsoft	Office	Microsoft Office 2000 ;
Microsoft	N/A	Snapshot Viewer de Microsoft Access ;
Microsoft	Office	Microsoft Office 2002 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS08-041 du 12 août 2008	None	vendor-advisory
Document du CERTA CERTA-2008-ALE-009 du 08 juillet 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2003.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Snapshot Viewer de Microsoft Access ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2002 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX Snapshot\nViewer de Microsoft Access. Ce dernier est install\u00e9 par d\u00e9faut avec la\nsuite bureautique Microsoft Office. Cette vuln\u00e9rabilit\u00e9 est exploitable\npar le biais d\u0027une page Web sp\u00e9cialement construite par exemple afin\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur un syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS08-041 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n\nMise \u00e0 jour du 15 octobre 2008 : Microsoft a ajout\u00e9 dans son bulletin de\ns\u00e9curit\u00e9 un lien pour le correctif de la version autonome de Microsoft\nAccess Snapshot Viewer.\n",
  "cves": [
    {
      "name": "CVE-2008-2463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2463"
    }
  ],
  "initial_release_date": "2008-08-13T00:00:00",
  "last_revision_date": "2008-10-15T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2008-ALE-009 du 08 juillet 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-009/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-413",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-08-13T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour du bulletin de Microsoft.",
      "revision_date": "2008-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le contr\u00f4le ActiveX Snapshot\nViewer de Microsoft Access. Elle a fait l\u0027objet de l\u0027alerte\nCERTA-2008-ALE-009 le 08 juillet 2008.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le contr\u00f4le ActiveX Snapshot Viewer d\u0027Access",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS08-041 du 12 ao\u00fbt 2008",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS08-041.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-2463 (GCVE-0-2008-2463)

Vulnerability from cvelistv5

CERTA-2008-ALE-009

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

CERTA-2008-AVI-413

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature