In association with heise online

18 April 2008, 15:04

ActiveX module in Microsoft Works opens up security hole


A demonstration of a security hole in the Microsoft Works Image Server (WkImgSrv.dll) ActiveX module, which ships with the Microsoft Works office suite, has appeared on the Bugtraq mailing list. The demo appears only to cause a system crash. McAfee, however, has already found fully functional exploits which allow attackers to inject malicious code into vulnerable systems via specially crafted web pages.

The ActiveX module is not marked as "Safe for Scripting", so Internet Explorer issues a warning before executing the module. However, if a user does allow a crafted web page to execute the module, malicious code may be injected and executed on the system.

No update has been released so far. As a workaround, the kill bit can be set for ClassID 00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6. The vulnerable WkImgSrv.dll version 7.03.0616.0, and possibly other versions, will then no longer be loaded into Internet Explorer. An article in Microsoft's knowledge base provides assistance.
