Microsoft WordPerfect Converter Corel File Multiple Parameter Remote Overflow

2003-09-03T00:00:00
ID OSVDB:10006
Type osvdb
Reporter Yuji Ukai(alert@eEye.com)
Modified 2003-09-03T00:00:00

Description

Vulnerability Description

A remote overflow exists in Microsoft WordPerfect Converter. WordPerfect converter is installed by default in many Microsoft Office products and is invoked in Internet Explorer when needed to convert a Corel WordPerfect file. The WordPerfect Converter fails to do correct bounds checking on modified data offset and data size parameters resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the victim's computer resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Microsoft WordPerfect Converter. WordPerfect converter is installed by default in many Microsoft Office products and is invoked in Internet Explorer when needed to convert a Corel WordPerfect file. The WordPerfect Converter fails to do correct bounds checking on modified data offset and data size parameters resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the victim's computer resulting in a loss of integrity.

References:

Microsoft Security Bulletin: MS03-036 Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0092.html ISS X-Force ID: 13091 CVE-2003-0666 CIAC Advisory: n-143 Bugtraq ID: 8538