Intrusion Prevention



This indicates an attempt to exploit a remote Code Execution vulnerability in Microsoft Works 7.
The vulnerability lies in the "WkImgSrv.dll" ActiveX control. It allows an attacker to execute arbitrary code with the privileges of the current user.

Affected Products

Microsoft Works 7


System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Set the kill bit for the CLSID "00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6" by following the steps at:

CVE References