Microsoft Access Snapshot Viewer ActiveX Control Vulnerability - Secunia Advisory:SA30883

Critical : Extremely critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software :
Microsoft Access 2000
Microsoft Access 2002
Microsoft Access 2003
Microsoft Access Snapshot Viewer
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office XP

CVE reference : CVE-2008-2463 (Secunia mirror)
Solution : The vendor recommends setting the kill-bit.

Provided and/or discovered by : Reported as a 0-day.

Original Advisory : Microsoft:
http://www.microsoft.com/technet/security/advisory/955179.mspx
http://blogs.technet.com/msrc/archive...er-activex-control-vulnerability.aspx

Check the kill bit later.
Addendum
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Microsoft Security Advisory (955179)

Suggested Actions
 Workarounds
  Prevent COM objects from running in Internet Explorer
   You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry.
    Paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

I checked in a Windows XP SP3 + Access2003 SP3 environment, and the kill bit for the following was already set:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
"AlternateCLSID"="{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}"
"Compatibility Flags"=dword:00000400

so I set only the following:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

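Related thread
Vulnerability in the Access Snapshot Viewer ActiveX control, no fix provided yet - HotFix Report BBS
Addendum
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution - Microsoft Security Advisory (955179) (Japanese edition)
Addendum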
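I checked four PCs running Windows XP SP3 + Access2003 SP3, and on one of them the kill bit for {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} was not set. The differences in configuration between that one and the other three are unknown.
# Maybe I forgot to apply some patch? (sweat)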
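
Since the four machines above did not all have the same kill bits, here is an added example (not from the original post or the Microsoft advisory) that audits an exported copy of the ActiveX Compatibility key for the three CLSIDs in the workaround. The function names and the sample export are constructed for illustration; the text is assumed to be already decoded, since regedit writes "Version 5.00" exports as UTF-16.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that blocks instantiation in IE
# The three CLSIDs listed in the advisory workaround quoted on this page.
ADVISORY_CLSIDS = [
    "{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}",
    "{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}",
    "{F2175210-368C-11D0-AD81-00A0C90DC8D9}",
]
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$",
    re.IGNORECASE)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-F]{8})$', re.IGNORECASE)

def parse_compat_flags(reg_text):
    """Map CLSID (upper case) -> "Compatibility Flags" value found in .reg text."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None  # skip unrelated keys
        elif current:
            m = FLAGS_RE.match(line)  # other values (AlternateCLSID) are ignored
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def missing_kill_bits(reg_text, clsids=ADVISORY_CLSIDS):
    """Return CLSIDs whose key is absent or whose flags lack the 0x400 bit."""
    flags = parse_compat_flags(reg_text)
    return [c for c in clsids if not flags.get(c.upper(), 0) & KILL_BIT]

# Constructed sample (not a real export): one key with the kill bit, one key
# present with a different flag value, and one key missing entirely.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
"AlternateCLSID"="{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}"
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000020
"""

if __name__ == "__main__":
    for clsid in missing_kill_bits(SAMPLE_EXPORT):
        print("kill bit NOT set:", clsid)
```

The check tests the 0x400 bit rather than comparing the whole value, so a key that exists with other flags set is still reported as unprotected.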