(MS04-027) Vulnerability in WordPerfect Converter Could Allow Code Executi

• Microsoft FrontPage 2000
• Microsoft FrontPage 2002
• Microsoft FrontPage 2003
• Microsoft Office 2000
• Microsoft Office 2003
• Microsoft Office XP
• Microsoft Publisher 2000
• Microsoft Publisher 2002
• Microsoft Publisher 2003
• Microsoft Word 2000
• Microsoft Word 2002
• Microsoft Word 2003
• Microsoft Works Suite 2001
• Microsoft Works Suite 2002
• Microsoft Works Suite 2003
• Microsoft Works Suite 2004

Description:

This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.

The vulnerability is caused by an unchecked buffer in the Microsoft Office WordPerfect Converter.

The Microsoft Office WordPerfect converter helps users convert documents from Corel WordPerfect file formats to Microsoft Word file formats. The WordPerfect converter is included in all versions of Office and is also available separately in the Microsoft Office Converter Pack.

This vulnerability can be exploited by a remote malicious attacker or a malware by:

• Web-based attack scenario:

  An attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.

• E-mail attack scenario:

  A user must open an attachment that is sent in an e-mail message for an attack to be successful through e-mail.

A malware or an attacker who successfully exploits this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Note that this update replaces the security update that was provided as part of Microsoft Security Bulletin MS03-036.

Patch Information

• Microsoft Security Bulletin MS04-027
  http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx

Workaround:

• Do not open WordPerfect documents using the affected WordPerfect Converter.

  Do not open WordPerfect documents from untrusted sources, using any of the software enumerated as affected in this bulletin, on systems that are not updated with the security updates accompanying this security bulletin.

• Use a third party WordPerfect to Word converter or ask the user of WordPerfect to save the document in another format.