Microsoft Cautions Users About ActiveX Vulnerability

A vulnerability in the ActiveX control for Microsoft's Snapshot Viewer can lead to remote code execution. According to a security advisory released by Microsoft earlier this week, successful exploitation of this vulnerability could provide an attacker with the same user rights on a victim's machine as the logged-on user. Someone operating with administrative rights would be in great danger at this point.

The company is currently investigating active, targeted attacks which are being initiated by tricking users into viewing specially crafted Web content through the Internet Explorer browser. You may be at risk if you have any version of Microsoft Office Access other than Access 2007 installed, or if you have installed the standalone version of Snapshot Viewer.

Until the vulnerability itself is fixed, Microsoft has issued a few workarounds which help block known attack vectors. Each of the workarounds involve the IE browser and have their own unique level of impact.