MS03-038 - Unchecked Buffer in Microsoft Access Snapshot Viewer May Permit Code Execution (827104)
The information in this article applies to:
- Microsoft Access 2002
- Microsoft Access 2000
- Microsoft Access 97
SYMPTOMSWith Microsoft Access
Snapshot Viewer you can distribute a snapshot of a
Microsoft Access database that permits you to view the snapshot without Access installed. For example, you may want to send a supplier
an invoice that is generated by using an Access database. Access Snapshot
Viewer permits you to package the invoice in a way that your supplier can
view the invoice and can print the invoice, and the supplier does not have to have Access installed. By default, Access Snapshot Viewer is installed with all versions of
Access. Access Snapshot Viewer is also available as a separate stand-alone
download. Access Snapshot Viewer is implemented by using an ActiveX control. A vulnerability
results because of a flaw in the way a function in Access Snapshot Viewer
validates parameters. Because the parameters are not correctly checked, a
buffer overrun can result. This may potentially permit an attacker to run code of
their choice in the security context of the logged-on user. Mitigating Factors- For an
attack to be successful, the attacker must persuade a user to visit a
malicious Web site that is under the control of the attacker.
- The code of the attacker runs with the same permissions as
the code of the user. If the permissions of the user are restricted, the permissions of the attacker are
similarly restricted.
RESOLUTIONSecurity Patch InformationDownload and Installation InformationAccess 2002If you run Access 2002, you must install the Access
2002 Runtime Security Patch.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
827430
Overview of the Access 2002 Runtime Security Patch: September 3, 2003
Access 2000If you run Access 2000, you must install the Access
2000 Runtime Security Patch.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
827431
Overview of the Access 2000 Runtime Security Patch: September 3, 2003
Access 97If you run Access 97, you must install the updated
stand-alone Snapshot Viewer control. For additional information, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?familyid=B73DF33F-6D74-423D-8274-8B7E6313EDFB&displaylang=enback to the topSecurity Patch RemovalYou cannot remove this security patch. Security Patch Replacement InformationThis security patch does not replace any other security
patches.
| Modification Type: | Major | Last Reviewed: | 7/25/2006 |
|---|
| Keywords: | kbQFE kbBug kbfix KbSECVulnerability kbSecurity KbSECBulletin KB827104 kbAudITPRO kbAudEndUser |
|---|
|