Info

Disclosure

Sep 14, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in the Microsoft Office WordPerfect converter. The WordPerfect converter fails to properly perform bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause remote code execution resulting in a loss of confidentiality and/or integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Office WordPerfect Converter	5.x
	Office	2003
		XP SP2
		2000 SP3
		XP SP3
	Works Suite	2004
		2001
		2002
		2003

References

Security Tracker: 1011249 1011250 1011251 1011252
Secunia Advisory ID: 12529
CVE ID: 2004-0573 (see also: NVD)
Microsoft Knowledge Base Article: 884933
Vendor URL: http://www.microsoft.com/
Other Advisory URL: http://www.ngssoftware.com/advisories/wordperconv.txt
Microsoft Security Bulletin: MS04-027
Keyword: NISR14092004

Credit

Peter Winter-Smith - peterngssoftware.com - NGSSoftware

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Office WordPerfect Converter

Office

Works Suite

References

Credit