Microsoft WordPerfect converter long message buffer overflow
| wordperfect-converter-message-bo (17306) |  High Risk |
Description:
Microsoft Office, Microsoft Word, Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite are vulnerable to a buffer overflow, caused by improper bounds checking by the Microsoft WordPerfect converter. The Microsoft WordPerfect converter, which is installed by default in these products, allows users to convert from Corel WordPerfect documents to Microsoft Word documents. A remote attacker could create a WordPerfect document with a long message to overflow a buffer and execute arbitrary code on the system with privileges of the victim, once the document is opened by a program that uses Microsoft WordPerfect converter. A remote attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending the malicious document to a victim as an email attachment.
Note: This vulnerability is different than the vulnerability addressed in Microsoft Bulletin MS03-036.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
References:
- CIAC Information Bulletin 0-214: Windows Vulnerability in WordPerfect Converter Could Allow Code Execution.
- Microsoft Security Bulletin MS04-027: Vulnerability in WordPerfect Converter Could Allow Code Execution (884933).
- Microsoft Security Bulletin MS09-010: Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477).
- Microsoft Security Bulletin MS09-073: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539).
- NGSSoftware Insight Security Research Advisory #NISR14092004: Microsoft WordPerfect 5.x Converter Heap Overflow.
- BID-11172: Microsoft WordPerfect Converter Remote Buffer Overflow Vulnerability
- CVE-2004-0573: Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
- SA12529: Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability
- SECTRACK ID: 1011249: Microsoft Office Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
- SECTRACK ID: 1011250: Microsoft FrontPage Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
- SECTRACK ID: 1011251: Microsoft Publisher Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
- SECTRACK ID: 1011252: Microsoft Works Suite Buffer Overflow in WordPerfect Converter Lets Remote Users Execute Arbitrary Code
- US-CERT VU#449438: Microsoft Office WordPerfect 5.x Converter contains a buffer overflow vulnerability
Platforms Affected:
- Microsoft FrontPage 2000
- Microsoft FrontPage 2002
- Microsoft FrontPage 2003
- Microsoft Office 2000
- Microsoft Office 2003
- Microsoft Office XP
- Microsoft Publisher 2000
- Microsoft Publisher 2002
- Microsoft Publisher 2003
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Word 2003
- Microsoft Works 2001
- Microsoft Works 2002
- Microsoft Works 2003
- Microsoft Works 2004
Reported:
Sep 14, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net