With
Microsoft Access
Snapshot Viewer you can distribute a snapshot of a
Microsoft Access database that permits you to view the snapshot without Access installed.
For example, you may want to send a supplier
an invoice that is generated by using an Access database. Access Snapshot
Viewer permits you to package the invoice in a way that your supplier can
view the invoice and can print the invoice, and the supplier does not have to have Access installed.
By default, Access Snapshot Viewer is installed with all versions of
Access. Access Snapshot Viewer is also available as a separate stand-alone
download. Access Snapshot Viewer is implemented by using an ActiveX control.
A vulnerability
results because of a flaw in the way a function in Access Snapshot Viewer
validates parameters. Because the parameters are not correctly checked, a
buffer overrun can result. This may potentially permit an attacker to run code of
their choice in the security context of the logged-on user.
Mitigating Factors- For an
attack to be successful, the attacker must persuade a user to visit a
malicious Web site that is under the control of the attacker.
- The code of the attacker runs with the same permissions as
the code of the user. If the permissions of the user are restricted, the permissions of the attacker are
similarly restricted.