Microsoft researchers have warned users of a new potential attack on its Snapshot Viewer ActiveX control, which allows users to view Access report snapshot without using the standard version of Microsoft Office Access.
Researchers stated that all versions of Microsoft Access, except for MS Access 2007, are prone to the probable attack, and the attack would be targeted and not widespread.
The attacker would create a malicious web page that would, if clicked, download malware on victim’s computer, and after infecting the user’s PC, the attacker will take over all the login rights of the original user, researchers cautioned.
Microsoft hasn’t issued any fix for this flaw yet, however the company has highlighted several workarounds users can employ to avoid the attack.
The company has put forward solutions to set kill-bit in order to disable the ActiveX control, this includes, restraining COM objects from running in Internet Explorer.
The researchers also suggested that the Registry Editor shouldn’t be accessed improperly, as any damage done due to this may result into complete reinstallation of the operating systems.