Microsoft Offers Bug Workaround for ActiveX Exploit

Microsoft on Monday issued a security advisory to warn users about attacks targeting a vulnerability in the ActiveX control for the Snapshot Viewer in the Microsoft Access database management system.

Microsoft said it is investigating active, targeted attacks. “When a user views the Web page, the vulnerability could allow remote code execution,” Microsoft said in its security advisory. “An attacker who successfully exploited that vulnerability could gain the same user rights as the logged-on user.”

The ActiveX control for the Snapshot Viewer enables users to view a Microsoft Access report snapshot without having the standard or run-time versions of Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

How it Works

In a Web-based scenario, an attacker could host a Web site with a page used to exploit that vulnerability. Or compromised Web sites and sites that accept user-provided content could contain specially crafted code to exploit the vulnerability. An attacker would have to convince users to visit the corrupted Web site, typically by getting them to click a link in an e-mail or an instant message, Microsoft said.

A successful attacker could gain the same user rights as the real user. Users whose accounts have fewer rights could be less impacted than users who have administrative rights, according to Microsoft.

By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode known as Enhanced Security Configuration. That mode sets the security level for the Internet zone to High and is a mitigating factor for Web sites not added to the trusted-sites zone, Microsoft said.

An Out-Of-Cycle Workaround

Microsoft isn’t in the habit of issuing out-of-cycle workarounds. But Carole Theriault, a security analyst at Sophos, is glad to see Redmond trying to help users…

Original post by Top Tech News
