Interwoven WorkSite - ActiveX Control Remote Code Execution
CVE-2008-1617
WorkSite is a document management and email management solution from Interwoven Inc. (Interwoven). Some of the application's functionality is made available through ActiveX controls, which are distributed within the iManFile.cab file. These controls were found to be unsafe: they permit code to be executed remotely by an attacker who is able to direct a user to a website containing exploit code.
The most serious of these vulnerabilities could enable an attacker to execute arbitrary code on a user’s computer remotely. This code would be executed with the permissions of the user logged into the system. Other vulnerabilities are also present.
The vendor has addressed this vulnerability in their latest service pack (WorkSite Web 8.2 SP1 P2) available from http://worksitesupport.interwoven.com.