[CTS] Microsoft Security Bulletin MS03-036: Buffer Overrun in WordPerfect Converter Could Allow Code Execution(827103)

From: "Microsoft" <0_51914_F9D99B15-4E44-4127-9D2A-B6F372F2EA1C_US@xxxxxxxxxxxxxxxxxxxxxxxxx>
To: <computertalkshop@xxxxxxxxxxxxx>
Date: Wed, 3 Sep 2003 14:46:05 -0700
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Buffer Overrun in WordPerfect Converter Could Allow 
            Code Execution (827103)
Date:       03 September 2003
Software:   Microsoft Office 97 
            Microsoft Office 2000 
            Microsoft Office XP 
            Microsoft Word 98 (J) 
            Microsoft FrontPage 2000 
            Microsoft FrontPage 2002 
            Microsoft Publisher 2000 
            Microsoft Publisher 2002 
            Microsoft Works Suite 2001 
            Microsoft Works Suite 2002 
            Microsoft Works Suite 2003
Impact:     Run code of attacker's choice
Max Risk:   Important
Bulletin:   MS03-036

Microsoft encourages customers to review the Security Bulletins 
at: 
http://www.microsoft.com/technet/security/bulletin/MS03-036.asp
http://www.microsoft.com/security/security_bulletins/ms03-036.asp
- ----------------------------------------------------------------------

Issue:
======
Microsoft Office provides a number of converters that allow users 
to import and edit files that use formats that are not native to 
Office. These converters are available as part of the default 
installation of Office and are also available separately in the 
Microsoft Office Converter Pack. These converters can be useful 
to organizations that use Office in a mixed environment with 
earlier versions of Office and other applications, including 
Office for the Macintosh and third-party productivity 
applications.  


There is a flaw in the way that the Microsoft WordPerfect 
converter handles Corel(r) WordPerfect documents. A security 
vulnerability results because the converter does not correctly 
validate certain parameters when it opens a WordPerfect document, 
which results in an unchecked buffer. As a result, an attacker 
could craft a malicious WordPerfect document that could allow 
code of their choice to be executed if an application that used 
the WordPerfect converter opened the document. Microsoft Word and 
Microsoft PowerPoint (which are part of the Office suite), 
FrontPage (which is available as part of the Office suite or 
separately), Publisher, and Microsoft Works Suite can all use the 
Microsoft Office WordPerfect converter. 

The vulnerability could only be exploited by an attacker who 
persuaded a user to open a malicious WordPerfect document-there 
is no way for an attacker to force a malicious document to be 
opened or to trigger an attack automatically by sending an e-mail 
message. 

Mitigating Factors:
====================
- -The user must open the malicious document for an attacker to be 
successful. An attacker cannot force the document to be opened 
automatically. 
- -The vulnerability cannot be exploited automatically through e-
mail. A user must open an attachment that is sent in an e-mail 
message for an e-mail-borne attack to be successful.

Risk Rating:
============
 - Important

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read 
the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-036.asp
http://www.microsoft.com/security/security_bulletins/ms03-036.asp
for information on obtaining this patch.

Acknowledgment:
===============
 - eEye Digital Security, http://www.eeye.com 

- -----------------------------------------------------------------
- ----

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT 
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING 
THE 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS 
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, 
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL 
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN 
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT 
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com

iQEVAwUBP1YRF40ZSRQxA/UrAQFE2Af/RLUKwbFBbwCXu2AMeplBRZKB9JaT2Zud
aUDch63srKjb1FQwPphTcOiizDBymhYj7/QIc3BfFJgBPkcCUsKlx8Ak5kVV/U0R
OSMFCpWzbo0XcscdWpyVfty3n26Bq39dOthsczZkXmq8GkXCaXuz9Vtsur/yz0qY
vkcrO0cqlLhuVJ75H7ZKBne5t7/Ey5JvtM6ei2mw3+JQvYq4WsZobWaYkLjX1Opa
Iz0lLCEUP5ePyM75l9DKzW9SgsLxcqRWOQngjGCmh1kQgqJ3D+6q0l9WzbiZM65h
sfSMuAL6bk2LQIhBOemLyKD/MkIqkHK2ELbZAuWl6s74D2ukruqrvQ==
=SYfZ
-----END PGP SIGNATURE-----


*******************************************************************

You have received this e-mail bulletin because of your subscription to the 
Microsoft Product Security Notification Service.  For more information on this 
service, please visit http://www.microsoft.com/technet/security/notify.asp.
 
To verify the digital signature on this bulletin, please download our PGP key 
at http://www.microsoft.com/technet/security/notify.asp.
 
To unsubscribe from the Microsoft Security Notification Service, please visit 
the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp 
 
If you do not wish to use Microsoft Passport, you can unsubscribe from the 
Microsoft Security Notification Service via email as described below:
Reply to this message with the word UNSUBSCRIBE in the Subject line.
 
For security-related information about Microsoft products, please visit the 
Microsoft Security Advisor web site at http://www.microsoft.com/security.
---------------------------------------------------------------------------
Computer Talk Shop http://www.computertalkshop.com
Un-subscribe/Vacation, http://www.computertalkshop.com/list_options.htm

List HowTo: http://www.computertalkshop.com/faq.htm

To join Computer Talk Shop's off topic list, please goto:
http://computertalkshop.com/other_cts_lists.htm
---------------------------------------------------------------------------
[CTS] Microsoft Security Bulletin MS03-036: Buffer Overrun in WordPerfect Converter Could Allow Code Execution(827103)

Other related posts:
