For example, you may want to send a supplier an invoice that is generated by using an Access database. Access Snapshot Viewer permits you to package the invoice in a way that your supplier can view the invoice and can print the invoice, and the supplier does not have to have Access installed.
By default, Access Snapshot Viewer is installed with all versions of Access. Access Snapshot Viewer is also available as a separate stand-alone download. Access Snapshot Viewer is implemented by using an ActiveX control.
A vulnerability results because of a flaw in the way a function in Access Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can result. This may potentially permit an attacker to run code of their choice in the security context of the logged-on user.
For an attack to be successful, the attacker must persuade a user to visit a malicious Web site that is under the control of the attacker.
The code of the attacker runs with the same permissions as the code of the user. If the permissions of the user are restricted, the permissions of the attacker are similarly restricted.