The ActiveX control for the Snapshot Viewer for Microsoft Access enables users to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The Redmond company announced that it investigates a “potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access”, which could be exploited by constructing a specially crafted Web page.

The attacks are most likely to come from compromised Web sites and Web sites that accept or host user-provided content. Specially content could exploit this vulnerability if the user visits the website.

The successful exploitation of the flaw would grant the attacker the same user rights as the local user. As always, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.