Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability

2009-01-0800:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.7%

JSON

Added: 01/08/2009
CVE: CVE-2008-1898
BID: 28820
OSVDB: 44458

Background

Microsoft Works is a suite of productivity tools for home users.

Problem

The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with an invalid WksPictureInterface property value.

Resolution

Set the kill bit on class ID 00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6 as described in Microsoft support article 240797.

References

<http://www.milw0rm.com/exploits/5460>

Limitations

Exploit works on Microsoft Works 7 and requires a user to load the exploit page in Internet Explorer.

Internet Explorer on the target machine must treat the script server’s host address as in the Local intranet zone or in the Trusted sites zone, and the option Initialize and script ActiveX controls not marked as safe must be set to Enable or Prompt, because the affected ActiveX control is not marked safe for scripting.