CVE-2008-2463

Published: Jul 7, 2008Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected (3)

Products: Microsoft: Office Snapshot Viewer Activex

1 product

Office Snapshot Viewer Activex

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office Snapshot Viewer Activex	Version office2000
Microsoft Office Snapshot Viewer Activex	Version office_2003
Microsoft Office Snapshot Viewer Activex	Version office_xp

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (24)

http://marc.info/?l=bugtraq&m=121915960406986&w=2

Source: cret@cert.org

http://secunia.com/advisories/30883

Source: cret@cert.org

http://www.exploit-db.com/exploits/6124

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/837785

Source: cret@cert.org

US Government Resource

http://www.microsoft.com/technet/security/advisory/955179.mspx

Source: cret@cert.org

http://www.securityfocus.com/bid/30114

Source: cret@cert.org

http://www.securitytracker.com/id?1020433

Source: cret@cert.org

http://www.us-cert.gov/cas/techalerts/TA08-189A.html

Source: cret@cert.org

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

Source: cret@cert.org

US Government Resource

http://www.vupen.com/english/advisories/2008/2012/references

Source: cret@cert.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43613

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120

Source: cret@cert.org

http://marc.info/?l=bugtraq&m=121915960406986&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30883

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/6124

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/837785

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.microsoft.com/technet/security/advisory/955179.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020433

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA08-189A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2008/2012/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43613

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.