Name:
MS.Works.WkImgSrv.DLL.ActiveX.Control.Access
Released Date:
Apr 25 2008
Severity:
high
CVE:
2008-1898
Bugtraq:
28820
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
Description
This indicates an attempt to exploit a remote code-execution vulnerability in Microsoft Works 7.
The vulnerability lies in the WkImgSrv.dll ActiveX control. It allows an attacker to execute arbitrary code with the privileges of the current user.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.
Affected Products
Microsoft Works 7
Aliases
References
http://www.securityfocus.com/bid/28820
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1898
http://www.milw0rm.com/exploits/5530
http://www.milw0rm.com/exploits/5460
Recommended Actions
Set the kill bit on the CLSID "00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6" by following the steps at: http://support.microsoft.com/kb/240797
SITE MAP
|
LEGAL NOTICES
© 2003 FORTINET INC. ALL RIGHTS RESERVED
