The Redmond company announced that it investigates a “potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access”, which could be exploited by constructing a specially crafted Web page.
The attacks are most likely to come from compromised Web sites and Web sites that accept or host user-provided content. Specially content could exploit this vulnerability if the user visits the website.
The successful exploitation of the flaw would grant the attacker the same user rights as the local user. As always, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.