Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious HTML page.

UPDATE (May 6, 2008): The DeepSight Threat Analysis Team discovered that this issue is actively being exploited in the wild.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following proof of concept and exploit are available:


 

Privacy Statement
Copyright 2010, SecurityFocus