Alert Number: 070808-01
Alert Date: 07/08/08
Alert Title: *UNPATCHED* Vulnerability in Microsoft Snapshot Viewer
Update-to: None
OS/Platform/Application:
Microsoft Access 2000
Microsoft Access 2002
Microsoft Access 2003
Microsoft Access Snapshot Viewer
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office XP
Category: ALERT
Severity: HIGH
Attention: Microsoft product users, System Administrators, Desktop Support Personnel.
Summary: Multiple Internet security resources are currently reporting the existence of a vulnerability in Microsoft's ActiveX control for the Snapshot Viewer for Microsoft Access. The ActiveX control allows users to view Microsoft Access snapshot reports without having the standard or run-time versions of Microsoft Access installed on their computers. The most likely mechanism of exploitation for this vulnerability is through user interaction, e.g., a user is tricked into visiting a maliciously-crafted website*. Successful exploitation of this vulnerability could result in a range of unfavorable outcomes, including program crash and complete system takeover. At the time of this writing (8:00 AM 7/8/08) no patch has yet been made available by the vendor, and Internet security resources are reporting that active attempts to exploit this vulnerability are occurring on the public Internet.
*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.
Recommended Actions: Microsoft has released Security Advisory 955179 to detail this vulnerability and to provide suggested workarounds to reduce the risk of infection until a patch has been made available. The workarounds suggested in the advisory have differing levels of complexity and potential caveats. Perhaps the simplest action to take against this threat is to NOT CLICK ON UNKNOWN OR UNTRUSTED LINKS OR VISIT UNKNOWN OR UNTRUSTED WEBSITES. Microsoft product users, Microsoft system administrators and support personnel are encouraged to read Microsoft Security Advisory 955179 and consider the implementation (if appropriate) of one or several of the workarounds suggested in the advisory.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Microsoft Security Advisory 955179:
http://www.microsoft.com/technet/security/advisory/955179.mspx
Microsoft Security Response Center Blog Entry on Vulnerability:
http://blogs.technet.com/msrc/archive/2008/07/07/snapshot-viewer-activex-control-vulnerability.aspx
SANS Advisory:
http://isc.sans.org/diary.html?storyid=4672