FYI...

- http://securitylabs.websense.com/con...logs/3148.aspx
08.01.2008 - "...We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China. There is currently no patch available, but Microsoft has several workarounds listed in their advisory. We recommend setting the killbit for this ActiveX control on all workstations where it is installed.
Vulnerable ActiveX CLSIDs:
* F0E42D50-368C-11D0-AD81-00A0C90DC8D9
* F0E42D60-368C-11D0-AD81-00A0C90DC8D9
* F2175210-368C-11D0-AD81-00A0C90DC8D9
This vulnerability is a simple design flaw, and does not require any complicated exploit code. Attackers are able to compromise remote systems simply by calling methods provided by the Snapshot Viewer ActiveX control. This is very similar to the November 9, 2005 ADODB.Stream vulnerability, which was widely taken advantage of because it was easy to exploit. Luckily, the vulnerable ActiveX control does NOT appear in a default Microsoft Windows installation. It does appear, however, to be included by default with Microsoft Office 2000 - 2003."

- http://www.symantec.com/security_res...atconlearn.jsp
"The ThreatCon is at level 2. On August 1, 2008, a new attack vector for the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114) was identified being exploited in the wild. This vulnerability is currently unpatched. Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114 ) Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access ( http://www.microsoft.com/technet/sec...ry/955179.mspx ) The new attack vector allows an attacker to install a vulnerable version of the ActiveX control on target systems that did not originally contain the associated software. This is possible because the control is digitally signed and marked safe for scripting by Microsoft. This is known to affect users of Internet Explorer 6. Note that Internet Explorer 7 requires user interaction to confirm the installation of the ActiveX control. As a result of this discovery, we urge all Microsoft Windows users, even those whose systems do not currently have the vulnerable control installed, to set the kill bit on the three CLSIDs associated with Snapshot Viewer.
F0E42D50-368C-11D0-AD81-00A0C90DC8D9
F0E42D60-368C-11D0-AD81-00A0C90DC8D9
F2175210-368C-11D0-AD81-00A0C90DC8D9
For instructions on how to set the kill bit on an ActiveX control, please see the following article: Microsoft Knowledge Base Article 240797 (Microsoft) Microsoft ( http://support.microsoft.com/kb/240797 )."