CVE-2008-1898
EXPLOITEDWkImgSrv.dll 7.03.0616.0 - RCE
Title source: llmDescription
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16649
exploitdb
WORKING POC
VERIFIED
by lhoang8500 · htmlremotewindows
https://www.exploit-db.com/exploits/5530
exploitdb
WORKING POC
VERIFIED
by Shennan Wang · htmldoswindows
https://www.exploit-db.com/exploits/5460
metasploit
WORKING POC
LOW
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/msworks_wkspictureinterface.rb
References (7)
Scores
EPSS
0.7739
EPSS Percentile
99.0%
Details
VulnCheck KEV
2011-04-21
CWE
CWE-20
Status
published
Products (3)
microsoft/office
2003
microsoft/office
2007
microsoft/works
7.0
Published
Apr 21, 2008
Tracked Since
Feb 18, 2026