Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote Exploit

CVE编号

CVE-2008-2463

利用情况

暂无

补丁情况

N/A

披露时间

2008-07-08

漏洞描述

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://secunia.com/advisories/30883
http://www.exploit-db.com/exploits/6124
http://www.kb.cert.org/vuls/id/837785
http://www.microsoft.com/technet/security/advisory/955179.mspx
http://www.securityfocus.com/bid/30114
http://www.securitytracker.com/id?1020433
http://www.us-cert.gov/cas/techalerts/TA08-189A.html
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
http://www.vupen.com/english/advisories/2008/2012/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43613
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	microsoft	office_snapshot_viewer_activex	office2000	-
	运行在以下环境
	应用	microsoft	office_snapshot_viewer_activex	office_2003	-
	运行在以下环境
	应用	microsoft	office_snapshot_viewer_activex	office_xp	-

CVSS3评分 6.8

• 攻击路径 网络
• 攻击复杂度 N/A
• 权限要求 无
• 影响范围 N/A
• 用户交互 需要
• 可用性 部分地
• 保密性 部分地
• 完整性 部分地

AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-ID	漏洞类型
CWE-94	对生成代码的控制不恰当（代码注入）

Exp相关链接

• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb
• https://www.exploit-db.com/exploits/16605
• https://www.exploit-db.com/exploits/6124

- avd.aliyun.com