CVE-2008-2463

CVE Database · CVE-2008-2463

CVE-2008-2463

· N/AModified

CVSS v3.1

N/A

EPSS

58.86%

Published

Jul 7, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download Exploit-DBSnapshot Viewer for Microsoft Access - ActiveX Control Arbitrary File Download (Metasploit)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Weaknesses (CWE)

CWE-94

Affected Products (3)

microsoft · office_snapshot_viewer_activexvulnerable

References (20)

http://marc.info/?l=bugtraq&m=121915960406986&w=2

http://secunia.com/advisories/30883

http://www.exploit-db.com/exploits/6124

http://www.kb.cert.org/vuls/id/837785

US Government Resource

http://www.microsoft.com/technet/security/advisory/955179.mspx

http://www.securityfocus.com/bid/30114