|
http://www.microsoft.com/technet/security/bulletin/MS03-036.asp Buffer Overrun in WordPerfect Converter Could Allow Code Execution = (827103) Originally posted: September 03, 2003 Summary Who should read this bulletin: Customers who are using Microsoft=AE = Office, Microsoft FrontPage=AE, Microsoft Publisher, or Microsoft Works = Suite Impact of vulnerability: Run code of attacker's choice Maximum Severity Rating: Important Recommendation: Customers who use any of the affected products that are = listed below should apply the security patch at their earliest = opportunity End User Bulletin: An end user version of this bulletin is available at:=20 http://www.microsoft.com/security/security_bulletins/ms03-036.asp.=20 Affected Software:=20 - Microsoft Office 97=20 - Microsoft Office 2000 - Microsoft Office XP=20 - Microsoft Word 98 (J) - Microsoft FrontPage 2000 - Microsoft FrontPage 2002 - Microsoft Publisher 2000 - Microsoft Publisher 2002 - Microsoft Works Suite 2001 - Microsoft Works Suite 2002 - Microsoft Works Suite 2003 Technical description:=20 Microsoft Office provides a number of converters that allow users to = import and edit files that use formats that are not native to Office. = These converters are available as part of the default installation of = Office and are also available separately in the Microsoft Office = Converter Pack. These converters can be useful to organizations that use = Office in a mixed environment with earlier versions of Office and other = applications, including Office for the Macintosh and third-party = productivity applications.=20 There is a flaw in the way that the Microsoft WordPerfect converter = handles Corel=AE WordPerfect documents. A security vulnerability results = because the converter does not correctly validate certain parameters = when it opens a WordPerfect document, which results in an unchecked = buffer. As a result, an attacker could craft a malicious WordPerfect = document that could allow code of their choice to be executed if an = application that used the WordPerfect converter opened the document. = Microsoft Word and Microsoft PowerPoint (which are part of the Office = suite), FrontPage (which is available as part of the Office suite or = separately), Publisher, and Microsoft Works Suite can all use the = Microsoft Office WordPerfect converter. The vulnerability could only be exploited by an attacker who persuaded a = user to open a malicious WordPerfect document-there is no way for an = attacker to force a malicious document to be opened or to trigger an = attack automatically by sending an e-mail message. Mitigating factors: - The user must open the malicious document for an attacker to be = successful. An attacker cannot force the document to be opened = automatically. - The vulnerability cannot be exploited automatically through e-mail. A = user must open an attachment that is sent in an e-mail message for an = e-mail-borne attack to be successful. Vulnerability identifier: CAN-2003-0666 This email is sent to NTBugtraq automatically as a service to my = subscribers. (v1.18) Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Whatever Happened to Octopus? LEGATO RepliStor, formerly known as Octopus, delivers breakthrough replication performance that's 5X faster than the competition in an independent head-to-head test. Learn how RepliStor uses patented, asynchronous, real-time replication, to deliver disaster recovery, data distribution and consolidated backups. It is the first replication solution to achieve Windows 2003 certification. Get the performance report now. http://portal1.legato.com/products/replistor/upgrade.cfm oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo