Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-2463

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Published

2008-07-07T23:41:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	office_snapshot_viewer_activex	office_2003	Yes
Application	microsoft	office_snapshot_viewer_activex	office_xp	Yes
Application	microsoft	office_snapshot_viewer_activex	office2000	Yes

References

http://marc.info/?l=bugtraq&m=121915960406986&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=121915960406986&w=2 ([email protected])
http://secunia.com/advisories/30883 ([email protected])
http://www.exploit-db.com/exploits/6124 ([email protected])
http://www.kb.cert.org/vuls/id/837785 US Government Resource ([email protected])
http://www.microsoft.com/technet/security/advisory/955179.mspx ([email protected])
http://www.securityfocus.com/bid/30114 ([email protected])
http://www.securitytracker.com/id?1020433 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA08-189A.html US Government Resource ([email protected])
http://www.us-cert.gov/cas/techalerts/TA08-225A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2008/2012/references ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/43613 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120 ([email protected])
http://marc.info/?l=bugtraq&m=121915960406986&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=121915960406986&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30883 (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/6124 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/837785 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.microsoft.com/technet/security/advisory/955179.mspx (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/30114 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1020433 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA08-189A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA08-225A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2012/references (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43613 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120 (af854a3a-2127-422b-91ae-364da2661108)