CVE-2008-1898

Name of the Vulnerable Software and Affected Versions Microsoft Works version 7 Microsoft Office versions 2003 and 2007

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via an invalid WksPictureInterface property value. This triggers an improper function call in a certain ActiveX control in WkImgSrv.dll.

Recommendations For Microsoft Works version 7, update the WkImgSrv.dll to a version that does not contain the vulnerable ActiveX control. For Microsoft Office versions 2003 and 2007, avoid using the WksPictureInterface property until a patch is available. As a temporary workaround, consider disabling the vulnerable ActiveX control in WkImgSrv.dll until a patch is available.