Vulnerability Name:

CVE-2003-0665 (CCN-13093)

Assigned:2003-09-03
Published:2003-09-03
Updated:2018-10-12
Summary:Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2003-0665

Source: CCN
Type: SA9668
Microsoft Access Snapshot Viewer Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
9668

Source: CCN
Type: CIAC Information Bulletin N-145
Microsoft Access Snapshot Viewer Buffer Overrun Vulnerability

Source: CCN
Type: US-CERT VU#992132
Microsoft Access Snapshot Viewer vulnerable to buffer overflow when validating parameters

Source: CERT-VN
Type: US Government Resource
VU#992132

Source: CCN
Type: Microsoft Security Bulletin MS03-038
Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)

Source: CCN
Type: Microsoft Security Bulletin MS08-041
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)

Source: CCN
Type: OSVDB ID: 10998
Microsoft Access Snapshot Viewer ActiveX Control Arbitrary Command Execution

Source: BID
Type: UNKNOWN
8536

Source: CCN
Type: BID-8536
Microsoft Access Snapshot Viewer ActiveX Control Parameter Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS03-038

Source: XF
Type: UNKNOWN
access-snapshot-viewer-bo(13093)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:access:97:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2000:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2000:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2000:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2002:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2002:sp2:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:access:97:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:access:2002:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft access 97
    microsoft access 2000
    microsoft access 2000 sp1
    microsoft access 2000 sp2
    microsoft access 2000 sp3
    microsoft access 2002
    microsoft access 2002 sp1
    microsoft access 2002 sp2
    microsoft access 97
    microsoft access 2000
    microsoft access 2002