Microsoft WordPerfect 5.x Converter Heap Overflow

September 14th, 2004

NGSSoftware Insight Security Research Advisory

Name: Microsoft WordPerfect 5.x Converter Heap Overflow
Systems Affected: Microsoft Office, Microsoft FrontPage, Microsoft
Publisher and Microsoft Works Suite
Severity: Medium Risk
Vendor URL: http://www.microsoft.com/
Author: Peter Winter-Smith [ peter@ngssoftware.com ]
Date Vendor Notified: 13th January 2004
Date of Public Advisory: 14th September 2004
Advisory number: #NISR14092004
Advisory URL: http://www.ngssoftware.com/advisories/wordperconv.txt

Description
***********

It has been discovered that the Microsoft WordPerfect 5.x document
converter is vulnerable to a heap based buffer overflow which could allow
a remote attacker to execute arbitrary code on a vulnerable system.

This would require at least a default install of the affected products and
a certain amount of user interaction, such a visiting a malicious website
or opening a malicious document. The risk may change as a result of
individual user settings.

Details
*******

A WordPerfect 5 document can be manipulated in such a way as to cause a
heap based buffer overflow within the Microsoft WordPerfect 5.x Converter.

If the heap management structures have been overwritten, when the process
attempts to modify the structure of the heap, values which have been
overwritten are used for potentially dangerous operations which can be
made to overwrite execution-critical information and potentially cause the
application to execute arbitrary attacker supplied code.

Fix Information
***************

Microsoft have provided a fix for this issue which can be downloaded from
the Microsoft Security website at:

http://www.microsoft.com/technet/security/bulletin/MS04-027.mspx

About NGSSoftware
*****************

NGSSoftware design, research and develop intelligent, advanced application
security assessment scanners. Based in the United Kingdom, NGSSoftware
have offices in the South of London and the East Coast of Scotland.
NGSSoftware’s sister company NGSConsulting, offers best of breed security
consulting services, specialising in application, host and network
security assessments.

http://www.ngssoftware.com/

Telephone +44 208 401 0070
Fax +44 208 401 0076

enquiries@ngssoftware.com

Section Navigation


SC Awards 2008


SC Magazine Awards 2008

NGSSoftware wins 'Best Security Company'.

ITA 2008


2008 International Trade Awards

NGSSoftware named as South-East England regional winners at the 2008 International Trade Awards.

SLBA 2008


South London Business Awards 2008

David Litchfield named as 'Entrepreneur of the Year' at the South London Business Awards 2008.

Latest Vacancies

Experienced CLAS consultant

NGSSoftware are seeking an experienced CLAS consultant capable of writing Security Targets and Evaluation Work Plans for CTAS.

Please send us your CV or resume.

NGS Offices

NGS have offices located in London & St Andrews (UK) and Sydney (Australia).

NGS Consulting

Why do companies around the world – and around the corner – turn to NGS?

Discover what we could do for your business »

NGS Security Training

Find out why we have provided training to some of the world's most security conscious organisations.

Learn from the best!

Speaking Events

We regularly present and speak at international security conferences throughout the world.

OWASP AppSec Europe 2008

AusCERT 2008

ITWeb Security Summit

Customer Testimonials

Read what some of our satisfied customers are saying about us.

NGS Publications

Web Application Hacker's Handbook

Oracle Hacker's Handbook

Database Hacker's Handbook

The Shellcoder's Handbook

SQL Server Security

Configuring IPCop Firewalls


CHECK