1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. MSIE MS Snapshot ActiveX File Download

MSIE MS Snapshot ActiveX File Download

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an arbitrary-file-download vulnerability in the Snapshot Viewer for Microsoft Access ActiveX Control which may result in the download for malicious application.

Additional Information

Snapshot Viewer for Microsoft Access is an ActiveX control that allows users to view snapshots created with Microsoft Access.

The ActiveX control is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. The ActiveX control can be identified by the following CLSIDs:

- F0E42D50-368C-11D0-AD81-00A0C90DC8D9
- F0E42D60-368C-11D0-AD81-00A0C90DC8D9
- F2175210-368C-11D0-AD81-00A0C90DC8D9

Attackers may exploit this issue to place malicious files at arbitrary locations on a victim's computer. This will facilitate a remote compromise.

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube