Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Microsoft Word Perfect convertor buffer overflow

  [NT] Additional Information Released on Microsoft WordPerfect Document Converter Buffer Overflow

  EEYE: Microsoft WordPerfect Document Converter Buffer Overflow

From:MICROSOFT <secure_(at)_microsoft.com>
Date:04.09.2003
Subject:Microsoft Security Bulletin MS03-036: Buffer Overrun in WordPerfect Converter Could Allow Code Execution(827103)

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Buffer Overrun in WordPerfect Converter Could Allow
           Code Execution (827103)
Date:       03 September 2003
Software:   Microsoft Office 97
           Microsoft Office 2000
           Microsoft Office XP
           Microsoft Word 98 (J)
           Microsoft FrontPage 2000
           Microsoft FrontPage 2002
           Microsoft Publisher 2000
           Microsoft Publisher 2002
           Microsoft Works Suite 2001
           Microsoft Works Suite 2002
           Microsoft Works Suite 2003
Impact:     Run code of attacker's choice
Max Risk:   Important
Bulletin:   MS03-036

Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-036.asp
http://www.microsoft.com/security/security_bulletins/ms03-036.asp
- ----------------------------------------------------------------------

Issue:
======
Microsoft Office provides a number of converters that allow users
to import and edit files that use formats that are not native to
Office. These converters are available as part of the default
installation of Office and are also available separately in the
Microsoft Office Converter Pack. These converters can be useful
to organizations that use Office in a mixed environment with
earlier versions of Office and other applications, including
Office for the Macintosh and third-party productivity
applications.  


There is a flaw in the way that the Microsoft WordPerfect
converter handles Corel(r) WordPerfect documents. A security
vulnerability results because the converter does not correctly
validate certain parameters when it opens a WordPerfect document,
which results in an unchecked buffer. As a result, an attacker
could craft a malicious WordPerfect document that could allow
code of their choice to be executed if an application that used
the WordPerfect converter opened the document. Microsoft Word and
Microsoft PowerPoint (which are part of the Office suite),
FrontPage (which is available as part of the Office suite or
separately), Publisher, and Microsoft Works Suite can all use the
Microsoft Office WordPerfect converter.

The vulnerability could only be exploited by an attacker who
persuaded a user to open a malicious WordPerfect document-there
is no way for an attacker to force a malicious document to be
opened or to trigger an attack automatically by sending an e-mail
message.

Mitigating Factors:
====================
- -The user must open the malicious document for an attacker to be
successful. An attacker cannot force the document to be opened
automatically.
- -The vulnerability cannot be exploited automatically through e-
mail. A user must open an attachment that is sent in an e-mail
message for an e-mail-borne attack to be successful.

Risk Rating:
============
- Important

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-036.asp
http://www.microsoft.com/security/security_bulletins/ms03-036.asp
for information on obtaining this patch.

Acknowledgment:
===============
- eEye Digital Security, http://www.eeye.com

- -----------------------------------------------------------------
- ----

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

iQEVAwUBP1YRF40ZSRQxA/UrAQFE2Af/RLUKwbFBbwCXu2AMeplBRZKB9JaT2Zud
aUDch63srKjb1FQwPphTcOiizDBymhYj7/QIc3BfFJgBPkcCUsKlx8Ak5kVV/U0R
OSMFCpWzbo0XcscdWpyVfty3n26Bq39dOthsczZkXmq8GkXCaXuz9Vtsur/yz0qY
vkcrO0cqlLhuVJ75H7ZKBne5t7/Ey5JvtM6ei2mw3+JQvYq4WsZobWaYkLjX1Opa
Iz0lLCEUP5ePyM75l9DKzW9SgsLxcqRWOQngjGCmh1kQgqJ3D+6q0l9WzbiZM65h
sfSMuAL6bk2LQIhBOemLyKD/MkIqkHK2ELbZAuWl6s74D2ukruqrvQ==
=SYfZ
-----END PGP SIGNATURE-----



*******************************************************************

You have received this e-mail bulletin because of your subscription to the Microsoft Product
Security Notification Service.  For more information on this service, please visit
http://www.microsoft.com/technet/security/notify.asp.

To verify the digital signature on this bulletin, please download our PGP key at
http://www.microsoft.com/technet/security/notify.asp.

To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft
Profile Center at http://register.microsoft.com/regsys/pic.asp

If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft
Security Notification Service via email as described below:
Reply to this message with the word UNSUBSCRIBE in the Subject line.

For security-related information about Microsoft products, please visit the Microsoft
Security Advisor web site at http://www.microsoft.com/security.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod