Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability

2009-01-08T00:00:00
ID SAINT:BFF9824195242A17582401DB6500A612
Type saint
Reporter SAINT Corporation
Modified 2009-01-08T00:00:00

Description

Added: 01/08/2009
CVE: CVE-2008-1898
BID: 28820
OSVDB: 44458

Background

Microsoft Works is a suite of productivity tools for home users.

Problem

The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with an invalid WksPictureInterface property value.

Resolution

Set the kill bit on class ID 00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6 as described in Microsoft support article 240797.

References

<http://www.milw0rm.com/exploits/5460>

Limitations

Exploit works on Microsoft Works 7 and requires a user to load the exploit page in Internet Explorer.

Internet Explorer on the target machine must treat the script server's host address as in the Local intranet zone or in the Trusted sites zone, and the option Initialize and script ActiveX controls not marked as safe must be set to Enable or Prompt, because the affected ActiveX control is not marked safe for scripting.

Platforms

Windows