A buffer overflow vulnerability in the Microsoft Office WordPerfect 5.x Converter could allow a remote attacker to execute arbitrary code on a vulnerable system.
The Microsoft Office WordPerfect 5.x Converter allows users to convert documents in WordPerfect format to Microsoft Word format. The way the converter validates the length of a parameter before passing it to its allocated buffer creates a buffer overflow vulnerability. By convincing a victim to open a specially crafted WordPerfect 5.x document using the WordPerfect 5.x Converter, a remote attacker could trigger a buffer overflow.
According to the Microsoft Security Bulletin, the following software is affected:
Microsoft notes that Office 2003 Service Pack 1 is not affected by this vulnerability.
By convincing a victim to open a specially crafted WordPerfect 5.x document, a remote attacker could execute arbitrary code with the privileges of the vulnerable process.
This vulnerability was reported by Microsoft. Microsoft credits Peter Winter-Smith for discovering this vulnerability.
This document was written by Damon Morda based on information provided by Microsoft.
|Date First Published:||2004-09-15|
|Date Last Updated:||2004-09-17 13:42 UTC|