Microsoft Office WordPerfect converter buffer overflow
| office-wordperfect-bo (13091) |  High Risk |
Description:
Microsoft Office, Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite are vulnerable to a buffer overflow, caused by improper bounds checking by the Microsoft WordPerfect converter. The Microsoft WordPerfect converter, which is installed by default in these products, allows users to convert from WordPerfect documents to Microsoft Word documents. A remote attacker could create a specially-crafted WordPerfect document to overflow a buffer and execute arbitrary code on the system with privileges of the victim, once the document is opened by a program that uses Microsoft WordPerfect converter. An attacker could exploit this vulnerability by sending the malicious document to a victim in an email.
Platforms Affected:
- Microsoft, FrontPage 2000
- Microsoft, FrontPage 2002
- Microsoft, Office 2000
- Microsoft, Office 97
- Microsoft, Office XP
- Microsoft, Publisher 2000
- Microsoft, Publisher 2002
- Microsoft, Word 98 ja
- Microsoft, Works 2001
- Microsoft, Works 2002
- Microsoft, Works 2003
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Wed Sep 03 2003 - 14:21:49 CDT , Microsoft WordPerfect Document Converter Buffer Overflow at http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0092.html.
- CIAC Information Bulletin N-143, Microsoft WordPerfect Converter Buffer Overrun Vulnerability at http://www.ciac.org/ciac/bulletins/n-143.shtml.
- Microsoft Security Bulletin MS03-036, Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103) at http://www.microsoft.com/technet/security/bulletin/ms03-036.mspx.
- Microsoft Security Bulletin MS04-027, Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) at http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx.
- Microsoft Security Bulletin MS09-010, Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477) at http://www.microsoft.com/technet/security/bulletin/ms09-010.mspx.
- BID-8538: Microsoft WordPerfect Converter Buffer Overrun Vulnerability
- CVE-2003-0666: Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
- OSVDB ID: 10006: Microsoft WordPerfect Converter Corel File Multiple Parameter Remote Overflow
Reported:
Sep 03, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net