Microsoft WordPerfect 5.x Converter Heap Overflow

September 14th, 2004

NGSSoftware Insight Security Research Advisory

Name: Microsoft WordPerfect 5.x Converter Heap Overflow
Systems Affected: Microsoft Office, Microsoft FrontPage, Microsoft
Publisher and Microsoft Works Suite
Severity: Medium Risk
Vendor URL: http://www.microsoft.com/
Author: Peter Winter-Smith [ peter@ngssoftware.com ]
Date Vendor Notified: 13th January 2004
Date of Public Advisory: 14th September 2004
Advisory number: #NISR14092004
Advisory URL: http://www.ngssoftware.com/advisories/wordperconv.txt

Description
***********

It has been discovered that the Microsoft WordPerfect 5.x document
converter is vulnerable to a heap based buffer overflow which could allow
a remote attacker to execute arbitrary code on a vulnerable system.

This would require at least a default install of the affected products and
a certain amount of user interaction, such a visiting a malicious website
or opening a malicious document. The risk may change as a result of
individual user settings.

Details
*******

A WordPerfect 5 document can be manipulated in such a way as to cause a
heap based buffer overflow within the Microsoft WordPerfect 5.x Converter.

If the heap management structures have been overwritten, when the process
attempts to modify the structure of the heap, values which have been
overwritten are used for potentially dangerous operations which can be
made to overwrite execution-critical information and potentially cause the
application to execute arbitrary attacker supplied code.

Fix Information
***************

Microsoft have provided a fix for this issue which can be downloaded from
the Microsoft Security website at:

http://www.microsoft.com/technet/security/bulletin/MS04-027.mspx

About NGSSoftware
*****************

NGSSoftware design, research and develop intelligent, advanced application
security assessment scanners. Based in the United Kingdom, NGSSoftware
have offices in the South of London and the East Coast of Scotland.
NGSSoftware’s sister company NGSConsulting, offers best of breed security
consulting services, specialising in application, host and network
security assessments.

http://www.ngssoftware.com/

Telephone +44 208 401 0070
Fax +44 208 401 0076

enquiries@ngssoftware.com

Section Navigation


Customer Testimonials

Read what some of our satisfied customers are saying about us.

Speaking Events

We regularly present and speak at international security conferences throughout the world.

Informática 2009, Havana

OWASP AppSec Europe 2008

AusCERT 2008

NGS Publications

Web Application Hacker's Handbook

Oracle Hacker's Handbook

Database Hacker's Handbook

The Shellcoder's Handbook

SQL Server Security

Configuring IPCop Firewalls


Red Herring 100

Red Herring 100

NGSSoftware named as winners in the Red Herring 100.

SLBA 2008

South London Business Awards 2008

David Litchfield named as 'Entrepreneur of the Year' at the South London Business Awards 2008.

Queen's Award 2007

Queens Award 2007

NGSSoftware are delighted to announce that we are winners of the Queen's Award for Enterprise: International Trade 2007.

SC Awards 2008

SC Magazine Awards 2008

NGSSoftware wins 'Best Security Company'.

ITA 2008

International Trade Awards 2008

NGSSoftware South-East England Regional Winners at 2008 International Trade Awards.