CVE-2008-2463
EXPLOITEDMicrosoft Office Snapshot Viewer Activex - Code Injection
Title source: ruleDescription
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16605
metasploit
WORKING POC
EXCELLENT
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms08_041_snapshotviewer.rb
References (12)
Scores
EPSS
0.8409
EPSS Percentile
99.3%
Details
VulnCheck KEV
2008-10-15
CWE
CWE-94
Status
published
Products (3)
microsoft/office_snapshot_viewer_activex
office_2003
microsoft/office_snapshot_viewer_activex
office_xp
microsoft/office_snapshot_viewer_activex
office2000
Published
Jul 07, 2008
Tracked Since
Feb 18, 2026