Intrusion Prevention

MS.Works.WkImgSrv.DLL.ActiveX.Control.Access

Description

This indicates an attempt to exploit a remote code-execution vulnerability in Microsoft Works 7.
The vulnerability lies in the WkImgSrv.dll ActiveX control. It allows an attacker to execute arbitrary code with the privileges of the current user.

Affected Products

Microsoft Works 7

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Set the kill bit on the CLSID "00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6" by following the steps at: http://support.microsoft.com/kb/240797

CVE References

CVE-2008-1898