CVE-2008-1898
Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
Un cierto control ActiveX en la biblioteca WkImgSrv.dll versión 7.03.0616.0, tal como se distribuye en Microsoft Works 7 y Microsoft Office 2003 y 2007, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo del navegador) por medio de un valor de propiedad WksPictureInterface no válido, que desencadena una llamada de función inapropiada.
The Microsoft Works ActiveX control (WkImgSrv.dll) could allow a remote attacker to execute arbitrary code on a system. By passing a negative integer to the WksPictureInterface method, an attacker could execute arbitrary code on the system with privileges of the victim. Change 168430090 /0X0A0A0A0A to 202116108 / 0x0C0C0C0C FOR IE6. This control is not marked safe for scripting, please choose your attack vector carefully.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-04-21 CVE Reserved
- 2008-04-21 CVE Published
- 2010-09-25 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/491027/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41876 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/5460 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/5530 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/16649 | 2010-09-25 | |
| http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0029.html | 2024-08-07 | |
| http://www.securityfocus.com/bid/28820 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2003 Search vendor "Microsoft" for product "Office" and version "2003" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Works Search vendor "Microsoft" for product "Works" | 7.0 Search vendor "Microsoft" for product "Works" and version "7.0" | - |
Affected
| ||||||