Release DateApr 25, 2008 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems.Denial of Service: Remote attackers can crash vulnerable systems. |
DescriptionThis indicates an attempt to exploit a remote code-execution vulnerability in Microsoft Works 7.The vulnerability lies in the WkImgSrv.dll ActiveX control. It allows an attacker to execute arbitrary code with the privileges of the current user. |
Affected ProductsMicrosoft Works 7 |
Recommended ActionsSet the kill bit on the CLSID "00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6" by following the steps at: http://support.microsoft.com/kb/240797 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-1898 |
Reference/shttp://www.milw0rm.com/exploits/5460http://www.milw0rm.com/exploits/5530 http://www.securityfocus.com/bid/28820 (BugTraq) |
