CVE-2008-2463

medium

Microsoft

CVSS v3 Base Score

6.8

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Score

84.1%

Exploitation probability in 30 days

Top 1% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: July 7, 2008 (6519 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

CWE

CWE-94

Affected Products

microsoft office snapshot viewer activex

References

🔗 marc.info 🔗 secunia.com 🔗 www.exploit-db.com 🔗 www.kb.cert.org 🔗 www.microsoft.com

CVE-2008-2463

Vulnerability Report

Description

CWE

Affected Products

References