MS03-036: Buffer overrun in WordPerfect converter could allow code execution (827103)
The information in this article applies to:
- Microsoft Office XP
- Microsoft Office 2000
- Microsoft Office 97 for Windows
- Microsoft Word for Windows 98 (Japanese)
- Microsoft FrontPage 2002
- Microsoft FrontPage 2000
- Microsoft Publisher 2002
- Microsoft Publisher 2000
- Microsoft Works Suite 2003
- Microsoft Works Suite 2002
- Microsoft Works Suite 2001
SYMPTOMSWith the converters that Microsoft Office provides, users
can import and edit files that use formats that are not native to Office. These
converters are available as part of the default installation of Office and are
also available separately in the Microsoft Office Converter Pack. These
converters can be useful to organizations that use Office in a mixed
environment with earlier versions of Office and other programs, including
Office for the Macintosh and third-party productivity programs. There
is a flaw in the way that the Microsoft WordPerfect converter handles Corel
WordPerfect documents. A security vulnerability exists because the converter
does not correctly validate certain parameters when it opens a WordPerfect
document; this results in an unchecked buffer. Therefore, an attacker could
craft a malicious WordPerfect document that could allow code of their choice to
be executed if a program that uses the WordPerfect converter opened the
document. Microsoft Word and Microsoft PowerPoint (which are part of the Office
suite), FrontPage (which is available as part of the Office suite or
separately), Publisher, and Microsoft Works Suite can all use the Microsoft
Office WordPerfect converter. The vulnerability can be exploited only
by an attacker who persuades a user to open a malicious WordPerfect document.
An attacker cannot force a user to open a malicious document; an attacker
cannot use this vulnerability to trigger an attack automatically in
e-mail. Mitigating Factors- The user must open the malicious document for an attack to
be successful. An attacker cannot force the document to be opened
automatically.
- The vulnerability cannot be exploited automatically
through e-mail. A user must open an attachment that is sent in e-mail for an
e-mail attack to be successful.
- By default, Microsoft Outlook Express 6.0 and Microsoft
Outlook 2002 block programmatic access to their Address Books. Additionally,
Microsoft Outlook 98 and Microsoft Outlook 2000 block programmatic access to
the Outlook Address Book if the Outlook E-Mail Security Update has been
installed. Customers who use any of these products are not at risk of
propagating an e-mail attack that tries to exploit this
vulnerability.
RESOLUTIONSecurity Patch InformationDownload and Installation InformationIf you are using any of the following programs
- Microsoft Office XP
- Microsoft FrontPage 2002
- Microsoft Publisher 2002
- Microsoft Works 2003
- Microsoft Works 2002
see the following article in the Microsoft Knowledge
Base: 824938 Overview of the Office XP
WordPerfect 5.x Converter Security Patch: September 3, 2003
If you are using any of the following
programs
- Microsoft Office 2000
- Microsoft FrontPage 2000
- Microsoft Publisher 2000
- Microsoft Works 2001
see the following article in the Microsoft Knowledge
Base: 824993 Overview of
the Office 2000 WordPerfect 5.x Converter Security Patch: September 3, 2003
If you are running either of the following
programs
- Microsoft Office 97
- Microsoft Word for Windows 98 (Japanese)
see the following article in the Microsoft Knowledge Base for
more information: 827656 Overview of
the Office 97 WordPerfect 5.x Converter Security Patch: September 3, 2003
Patch RemovalYou cannot remove this patch. Patch Replacement InformationThis patch does not replace any other security
patches. REFERENCESFor more information about these vulnerabilities, visit the
following Microsoft Web site:
| Modification Type: | Major | Last Reviewed: | 11/1/2004 |
|---|
| Keywords: | kbBug kbfix KbSECVulnerability kbSecurity KbSECBulletin KB827103 kbAudEndUser kbAudITPRO |
|---|
|