Content
Microsoft Works WkImgSrv.dll ActiveX Vulnerability
- Type
- Buffer Overflow
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- High
- CVE reference
- CVE-2008-1898,
- Vendor Status
- Unacknowledged
- Vulnerable systems
- Works 7.0,
- Summary
- A vulnerability is present in Microsoft Works that may allow for denial-of-service or code-execution attacks.
Tab Navigation
Description
Microsoft Works is a productivity application that allows the user to manage tasks. A vulnerability is present in Microsoft Works that may allow for denial-of-service or code-execution attacks. The flaw lies in the WkImgSrv.dll ActiveX component. Exploitation would involve a victim being coerced to a malicious Web site and allowing the ActiveX Control to be run.
McAfee Product Mitigation & Recommendations
Recommendations
McAfee Avert Labs is not aware of a vendor supplied patch/update at this time.
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- Microsoft Works WkImgSrv.dll ActiveX Vulnerability
- Signature identifier:
- 5836
- Release date:
- 4/22/2008
All Information
Timeline -
4/28/2008
Exploit code has been released.
4/17/2008
Vulnerability information has been publicly disclosed.
4/17/2008
A proof-of-concept exploit has become public.
Description -
Microsoft Works is a productivity application that allows the user to manage tasks. A vulnerability is present in Microsoft Works that may allow for denial-of-service or code-execution attacks. The flaw lies in the WkImgSrv.dll ActiveX component. Exploitation would involve a victim being coerced to a malicious Web site and allowing the ActiveX Control to be run.
McAfee Product Mitigation & Recommendations
Recommendations -
McAfee Avert Labs is not aware of a vendor supplied patch/update at this time.
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- Microsoft Works WkImgSrv.dll ActiveX Vulnerability
- Signature identifier:
- 5836
- Release date:
- 4/22/2008
