Reported September 3, 2003, by Microsoft.

 

VERSIONS AFFECTED

 

  • Microsoft Access 2002, 2000, and 97

 

DESCRIPTION

 

A Microsoft Access vulnerability can result in the execution of arbitrary code on the vulnerable system. Because the Snapshot Viewer doesn't correctly validate parameters, a buffer overrun can permit an attacker to execute code of his or her choice under the logged-on user's security context.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-038, "Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Oliver Lavery.