also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Buffer Overrun in WordPerfect Converter

Discussion in 'General Discussion' started by TS | Thomas, Sep 3, 2003.

Thread Status:
Not open for further replies.

  1. TS | Thomas Newcomer, in training

    Affected Software:
    Microsoft Office 97, 2000 & XP
    Microsoft Word 98 (J)
    Microsoft FrontPage 2000 & 2002
    Microsoft Publisher 2000 & 2002
    Microsoft Works Suite 2001, 2000 & 2002

    There is a flaw in the way that the Microsoft WordPerfect converter handles Corel WordPerfect documents. A security vulnerability results because the converter does not correctly validate certain parameters when it opens a WordPerfect document, which results in an unchecked buffer. As a result, an attacker could craft a malicious WordPerfect document that could allow code of their choice to be executed if an application that used the WordPerfect converter opened the document. Microsoft Word and Microsoft PowerPoint (which are part of the Office suite), FrontPage (which is available as part of the Office suite or separately), Publisher, & Microsoft Works Suite can all use the Microsoft Office WordPerfect converter.

    The vulnerability could only be exploited by an attacker who persuaded a user to open a malicious WordPerfect document—there is no way for an attacker to force a malicious document to be opened or to trigger an attack automatically by sending an e-mail message.

    Patch availability
    TS | Thomas, Sep 3, 2003
    #1
Thread Status:
Not open for further replies.