Microsoft Office WordPerfect converter buffer overflow
| office-wordperfect-bo (13091) |  High Risk |
Description:
Microsoft Office, Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite are vulnerable to a buffer overflow, caused by improper bounds checking by the Microsoft WordPerfect converter. The Microsoft WordPerfect converter, which is installed by default in these products, allows users to convert from WordPerfect documents to Microsoft Word documents. A remote attacker could create a specially-crafted WordPerfect document to overflow a buffer and execute arbitrary code on the system with privileges of the victim, once the document is opened by a program that uses Microsoft WordPerfect converter. An attacker could exploit this vulnerability by sending the malicious document to a victim in an email.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
References:
- BugTraq Mailing List, Wed Sep 03 2003 - 14:21:49 CDT : Microsoft WordPerfect Document Converter Buffer Overflow.
- CIAC Information Bulletin N-143: Microsoft WordPerfect Converter Buffer Overrun Vulnerability.
- Microsoft Security Bulletin MS03-036: Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103).
- Microsoft Security Bulletin MS04-027: Vulnerability in WordPerfect Converter Could Allow Code Execution (884933).
- Microsoft Security Bulletin MS09-010: Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477).
- Microsoft Security Bulletin MS09-073: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539).
- BID-8538: Microsoft WordPerfect Converter Buffer Overrun Vulnerability
- CVE-2003-0666: Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
- OSVDB ID: 10006: Microsoft WordPerfect Converter Corel File Multiple Parameter Remote Overflow
Platforms Affected:
- Microsoft FrontPage 2000
- Microsoft FrontPage 2002
- Microsoft Office 2000
- Microsoft Office 97
- Microsoft Office XP
- Microsoft Publisher 2000
- Microsoft Publisher 2002
- Microsoft Word 98 ja
- Microsoft Works 2001
- Microsoft Works 2002
- Microsoft Works 2003
Reported:
Sep 03, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net