7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.089 Low
EPSS
Percentile
94.6%
A remotely exploitable vulnerability exists in the Microsoft Access Snapshot Viewer ActiveX control. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the local system with the privileges of the current user.
According to Microsoft’s Security Bulletin MS03-038, a buffer overflow vulnerability exists in the ActiveX control that is used to view Microsoft Access databases without having Microsoft Access installed. The buffer overflow occurs in the code that validates parameters for the Snapshot Viewer control. This vulnerability can be exploited via a malicious webpage, HTML-parsed email or any application that recognizes and launches ActiveX controls. A victim must visit a malicious site, or open a malicious message to be exploited. This control is not installed by default, but can be installed with Access, or as a stand-alone control.
Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the local system with the privileges of the current user.
Apply the patch from Microsoft’s Security Bulletin MS03-038.
992132
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: September 04, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.microsoft.com/technet/security/bulletin/MS03-038.asp>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23992132 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to the Microsoft Security team for reporting this vulnerability.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2003-0665 |
---|---|
Severity Metric: | 16.88 Date Public: |