|
|
Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0573 Peter Winter-Smith has reported a vulnerability in various Microsoft Office products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the WordPerfect Converter and can be exploited to cause a buffer overflow if a user opens a malicious document. Successful exploitation may allow execution of arbitrary code with the users privileges. The vulnerability affects WordPerfect Converter 5.x, which is included in various Microsoft Office products. Solution: Microsoft has released updates. Microsoft Office 2000 Software (SP 3): http://www.microsoft.com/downloads/details.aspx?FamilyId=88F52E69- 99E1-4892-9A53-84E5DFADFE6B Microsoft Office XP Software (SP 3): http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB 3-7B94-4F74-A5A0-60C31CE2F57B Microsoft Office 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=A0629800- 1889-495B-B25E-4637D6B03250 Microsoft Works Suite 2001: http://www.microsoft.com/downloads/details.aspx?FamilyId=88F52E69- 99E1-4892-9A53-84E5DFADFE6B Microsoft Works Suite 2002: http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB 3-7B94-4F74-A5A0-60C31CE2F57B Microsoft Works Suite 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB 3-7B94-4F74-A5A0-60C31CE2F57B Microsoft Works Suite 2004: http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB 3-7B94-4F74-A5A0-60C31CE2F57B Provided and/or discovered by: Peter Winter-Smith, Next Generation Security Software. Original Advisory: MS04-027 (KB884933): http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx Regards, Jerome ATHIAs