Buffer Overrun in WordPerfect Converter Could Allow Code Execution

There is a flaw in the way that the Microsoft WordPerfect converter handles Corel WordPerfect documents. A security vulnerability exists because the converter does not correctly validate certain parameters when it opens a WordPerfect document; this results in an unchecked buffer. Therefore, an attacker could craft a malicious WordPerfect document that could allow code of their choice to be executed if a program that uses the WordPerfect converter opened the document. Microsoft Word and Microsoft PowerPoint (which are part of the Office suite), FrontPage (which is available as part of the Office suite or separately), Publisher, and Microsoft Works Suite can all use the Microsoft Office WordPerfect converter.

Affected Software:
Microsoft Office 97
Microsoft Office 2000
Microsoft Office XP
Microsoft Word 98 (J)
Microsoft FrontPage 2000
Microsoft FrontPage 2002
Microsoft Publisher 2000
Microsoft Publisher 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003

Severity level: Important

View: MS Security Bulletin MS03-036 & download locations

View: Microsoft Knowledge Base Article - 827103