http://www.microsoft.com/technet/security/bulletin/MS03-036.asp

Buffer Overrun in WordPerfect Converter Could Allow Code Execution =
(827103)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers who are using Microsoft=AE =
Office, Microsoft FrontPage=AE, Microsoft Publisher, or Microsoft Works =
Suite

Impact of vulnerability: Run code of attacker's choice

Maximum Severity Rating:  Important

Recommendation: Customers who use any of the affected products that are =
listed below should apply the security patch at their earliest =
opportunity

End User Bulletin:
An end user version of this bulletin is available at:=20

http://www.microsoft.com/security/security_bulletins/ms03-036.asp.=20

Affected Software:=20
- Microsoft Office 97=20
- Microsoft Office 2000
- Microsoft Office XP=20
- Microsoft Word 98 (J)
- Microsoft FrontPage 2000
- Microsoft FrontPage 2002
- Microsoft Publisher 2000
- Microsoft Publisher 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003

Technical description:=20

Microsoft Office provides a number of converters that allow users to =
import and edit files that use formats that are not native to Office. =
These converters are available as part of the default installation of =
Office and are also available separately in the Microsoft Office =
Converter Pack. These converters can be useful to organizations that use =
Office in a mixed environment with earlier versions of Office and other =
applications, including Office for the Macintosh and third-party =
productivity applications.=20

There is a flaw in the way that the Microsoft WordPerfect converter =
handles Corel=AE WordPerfect documents. A security vulnerability results =
because the converter does not correctly validate certain parameters =
when it opens a WordPerfect document, which results in an unchecked =
buffer. As a result, an attacker could craft a malicious WordPerfect =
document that could allow code of their choice to be executed if an =
application that used the WordPerfect converter opened the document. =
Microsoft Word and Microsoft PowerPoint (which are part of the Office =
suite), FrontPage (which is available as part of the Office suite or =
separately), Publisher, and Microsoft Works Suite can all use the =
Microsoft Office WordPerfect converter.

The vulnerability could only be exploited by an attacker who persuaded a =
user to open a malicious WordPerfect document-there is no way for an =
attacker to force a malicious document to be opened or to trigger an =
attack automatically by sending an e-mail message.

Mitigating factors:
- The user must open the malicious document for an attacker to be =
successful. An attacker cannot force the document to be opened =
automatically.
- The vulnerability cannot be exploited automatically through e-mail. A =
user must open an attachment that is sent in an e-mail message for an =
e-mail-borne attack to be successful.

Vulnerability identifier:  CAN-2003-0666



This email is sent to NTBugtraq automatically as a service to my =
subscribers. (v1.18)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Whatever Happened to Octopus?

LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
replication performance that's 5X faster than the competition in an
independent head-to-head test. Learn how RepliStor uses patented,
asynchronous, real-time replication, to deliver disaster recovery, data
distribution and consolidated backups. It is the first replication solution
to achieve Windows 2003 certification. Get the performance report now.

http://portal1.legato.com/products/replistor/upgrade.cfm

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo