Article ID: 827104 - Last Review: February 26, 2007 - Revision: 3.3

MS03-038 - Unchecked Buffer in Microsoft Access Snapshot Viewer May Permit Code Execution

View products that this article applies to.

On This Page

Expand all | Collapse all

SYMPTOMS

With Microsoft Access Snapshot Viewer (http://www.microsoft.com/downloads/details.aspx?familyid=B73DF33F-6D74-423D-8274-8B7E6313EDFB&displaylang=en) you can distribute a snapshot of a Microsoft Access database that permits you to view the snapshot without Access installed.

For example, you may want to send a supplier an invoice that is generated by using an Access database. Access Snapshot Viewer permits you to package the invoice in a way that your supplier can view the invoice and can print the invoice, and the supplier does not have to have Access installed.

By default, Access Snapshot Viewer is installed with all versions of Access. Access Snapshot Viewer is also available as a separate stand-alone download (http://www.microsoft.com/downloads/details.aspx?familyid=B73DF33F-6D74-423D-8274-8B7E6313EDFB&displaylang=en) . Access Snapshot Viewer is implemented by using an ActiveX control.

A vulnerability results because of a flaw in the way a function in Access Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can result. This may potentially permit an attacker to run code of their choice in the security context of the logged-on user.

Mitigating Factors
  • For an attack to be successful, the attacker must persuade a user to visit a malicious Web site that is under the control of the attacker.
  • The code of the attacker runs with the same permissions as the code of the user. If the permissions of the user are restricted, the permissions of the attacker are similarly restricted.
Back to the top

RESOLUTION

Security Patch Information

Download and Installation Information

Back to the top

Access 2002

If you run Access 2002, you must install the Access 2002 Runtime Security Patch. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
827430  (http://support.microsoft.com/kb/827430/ ) Overview of the Access 2002 Runtime Security Patch: September 3, 2003

Back to the top

Access 2000

If you run Access 2000, you must install the Access 2000 Runtime Security Patch. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
827431  (http://support.microsoft.com/kb/827431/ ) Overview of the Access 2000 Runtime Security Patch: September 3, 2003


Back to the top

Access 97

If you run Access 97, you must install the updated stand-alone Snapshot Viewer control. For additional information, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=B73DF33F-6D74-423D-8274-8B7E6313EDFB&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=B73DF33F-6D74-423D-8274-8B7E6313EDFB&displaylang=en)



Back to the top

Security Patch Removal

You cannot remove this security patch.

Back to the top

Security Patch Replacement Information

This security patch does not replace any other security patches.
Back to the top

REFERENCES

For additional information about Microsoft Security Bulletin MS03-038, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-038.mspx (http://www.microsoft.com/technet/security/bulletin/MS03-038.mspx)
Back to the top
APPLIES TO
  • Microsoft Access 2002 Standard Edition
  • Microsoft Access 2000 Standard Edition
  • Microsoft Access 97 Standard Edition
Back to the top
Keywords: 
kbqfe kbbug kbfix kbsecvulnerability kbsecurity kbsecbulletin KB827104
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers