Remote Code Execution Vulnerability in Microsoft Office Snapshot Viewer
CVE-2008-2463

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Snapshot Viewer Activex
Vendor: CVE Published:; 7 July 2008

Summary

The Microsoft Office Snapshot Viewer contains a vulnerability in the snapview.ocx ActiveX control, allowing remote attackers to exploit this weakness through specially crafted HTML documents or email messages. By manipulating properties such as SnapshotPath and CompressedPath alongside the PrintSnapshot method, an attacker may download arbitrary files to the client's machine. This capability raises the risk of executing malicious code by leveraging the Startup folder.

References

http://www.us-cert.gov/cas/techalerts/TA08-189A.html

third-party-advisoryx_refsource_CERT

http://www.exploit-db.com/exploits/6124

exploitx_refsource_EXPLOIT-DB

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

EPSS Score

84% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2008
Vulnerability Reserved
May 28, 2008