lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 16 Sep 2004 08:58:02 +0100
From: "NGSSoftware Insight Security Research" <nisr@...software.com>
To: <vulnwatch@...nwatch.org>, <bugtraq@...urityfocus.com>
Cc: "Peter Winter-Smith" <peter@...software.com>
Subject: Microsoft WordPerfect 5.x Converter Heap Overflow


NGSSoftware Insight Security Research Advisory

Name: Microsoft WordPerfect 5.x Converter Heap Overflow
Systems Affected: Microsoft Office, Microsoft FrontPage, Microsoft
                  Publisher and Microsoft Works Suite
Severity: Medium Risk
Vendor URL: http://www.microsoft.com/
Author: Peter Winter-Smith [ peter@...software.com ]
Date Vendor Notified: 13th January 2004
Date of Public Advisory: 14th September 2004
Advisory number: #NISR14092004
Advisory URL: http://www.ngssoftware.com/advisories/wordperconv.txt


Description
***********

It has been discovered that the Microsoft WordPerfect 5.x document
converter is vulnerable to a heap based buffer overflow which could allow
a remote attacker to execute arbitrary code on a vulnerable system.

This would require at least a default install of the affected products and
a certain amount of user interaction, such a visiting a malicious website
or opening a malicious document. The risk may change as a result of
individual user settings.


Details
*******

A WordPerfect 5 document can be manipulated in such a way as to cause a
heap based buffer overflow within the Microsoft WordPerfect 5.x Converter.

If the heap management structures have been overwritten, when the process
attempts to modify the structure of the heap, values which have been
overwritten are used for potentially dangerous operations which can be
made to overwrite execution-critical information and potentially cause the
application to execute arbitrary attacker supplied code.


Fix Information
***************

Microsoft have provided a fix for this issue which can be downloaded from
the Microsoft Security website at:

http://www.microsoft.com/technet/security/bulletin/MS04-027.mspx


About NGSSoftware
*****************

NGSSoftware design, research and develop intelligent, advanced application
security assessment scanners. Based in the United Kingdom, NGSSoftware
have offices in the South of London and the East Coast of Scotland.
NGSSoftware's sister company NGSConsulting, offers best of breed security
consulting services, specialising in application, host and network
security assessments.

http://www.ngssoftware.com/

Telephone +44 208 401 0070
Fax +44 208 401 0076

enquiries@...software.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ