A new vulnerability has been found in Snapshot Viewer for Microsoft Access which is being exploited. The flaw lies in the Snapshot Viewer ActiveX control, which ships with all supported versions of Microsoft Office Access except Microsoft Access 2007 according to Microsoft. Snapshot Viewer lets PC users view a Microsoft Access report without having to run the Access software itself. An attacker lure victim’s to visit specially crafted web page that tries to run the attack code on the victim’s machine.
Microsoft’s Security Advisory offers a number of possible workarounds for the problem as a stop-gap measure while its researchers investigate the flaw in greater depth.
For more details visit Microsoft Security Advisory (955179)