Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-1898
Last Modified 07 Oct 2009 12:00:00
Published 21 Apr 2008 01:05:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1898

Summary

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.

Vulnerable Systems

Application

  • Microsoft Office 2003

  • Microsoft Office 2007

  • Microsoft Works 7.0


References

XF - microsoft-works-wkimgsrv-dos(41876)

BID - 28820

BUGTRAQ - 20080417 Microsoft Works 7 WkImgSrv.dll crash POC

MILW0RM - 5530

MILW0RM - 5460

MISC - http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx

FULLDISC - 20080502 Microsoft Work ActiveX Insecure Method Exploit


Last Updated: 27 May 2016 10:47:41