Lucene search

[email protected]CVE-2008-1898

HistoryApr 21, 2008 - 5:05 p.m.

CVE-2008-1898

2008-04-2117:05:00

CWE-20

[email protected]

web.nvd.nist.gov

security

vulnerability

activex

wkimgsrv.dll

microsoft works

microsoft office

cve-2008-1898

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.

Affected configurations

NVD

Node

microsoftofficeMatch2003

microsoftofficeMatch2007

microsoftworksMatch7.0

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq2007
microsoft:worksmicrosoft workseq7.0

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	2007
microsoft:works	microsoft works	eq	7.0

References

archives.neohapsis.com/archives/fulldisclosure/2008-05/0029.html

blogs.technet.com/swi/archive/2008/06/05/why-there-wont-be-a-security-update-for-wkimgsrv-dll.aspx

www.securityfocus.com/archive/1/491027/100/0/threaded

www.securityfocus.com/bid/28820

exchange.xforce.ibmcloud.com/vulnerabilities/41876

www.exploit-db.com/exploits/5460

www.exploit-db.com/exploits/5530

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2008-1898

packetstorm1 saint4 checkpoint_advisories1 prion1 cvelist1 nvd1 d21