CVE-2008-2463
MEDIUMEPSS 99th pctlDescription
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Very high risk: more likely to be exploited than 99% of all known CVEs.
References
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/30883
- http://www.exploit-db.com/exploits/6124
- http://www.kb.cert.org/vuls/id/837785
- http://www.microsoft.com/technet/security/advisory/955179.mspx
- http://www.securityfocus.com/bid/30114
- http://www.securitytracker.com/id?1020433
- http://www.us-cert.gov/cas/techalerts/TA08-189A.html
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2012/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43613
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6120
Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-23.