PT-2008-3426 · Microsoft · Works+1

Lhoang8500

Published

2008-04-21

Updated

2018-10-11

CVE-2008-1898

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Works version 7 Microsoft Office versions 2003 and 2007

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via an invalid WksPictureInterface property value. This triggers an improper function call in a certain ActiveX control in WkImgSrv.dll.

Recommendations For Microsoft Works version 7, update the WkImgSrv.dll to a version that does not contain the vulnerable ActiveX control. For Microsoft Office versions 2003 and 2007, avoid using the WksPictureInterface property until a patch is available. As a temporary workaround, consider disabling the vulnerable ActiveX control in WkImgSrv.dll until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-1898

Affected Products

Office

Works

PT-2008-3426 · Microsoft · Works+1

CVE-2008-1898

Weakness Enumeration

Related Identifiers

Affected Products

References · 10