QwikSec

Security Database

CVE

CWE

Training

CVE-2008-1898

Published: Apr 21, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

20080502 Microsoft Work ActiveX Insecure Method Exploit

mailing-list

x_refsource_FULLDISC

20080417 Microsoft Works 7 WkImgSrv.dll crash POC

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

microsoft-works-wkimgsrv-dos(41876)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.