CVE-2004-0573
CVSS7.5
发布时间 :2004-09-28 00:00:00
修订时间 :2016-10-17 22:46:12
NMCOPS    

[原文]Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.


[CNNVD]Microsoft WordPerfect转换器远程缓冲区溢出漏洞(MS04-027)(CNNVD-200409-059)

        
        Microsoft Office提供多个转换器允许用户导入和编辑原来不属于Office格式的文件。这些转换器是Office默认安装的一部分,也可以独立存在于Microsoft Office Converter Pack中,这些转换器可以方便的应用于Office早期版本和其他应用系统复杂的环境中,包括Macintosh和第三方应用程序。
        Microsoft WordPerfect转换器在处理部分文件时存在缓冲区溢出,远程攻击者可以利用这个漏洞构建恶意文件,诱使用户转换,以用户进程权限在系统上执行任意指令。
        如果用户以管理员方式登录,在使用Microsoft WordPerfect转换器处理恶意攻击者提供的文件时,可导致触发缓冲区溢出,精心构建文件数据,可能以用户进程权限在系统上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:word:2003Microsoft Word 2003
cpe:/a:microsoft:word:2002Microsoft Word 2002
cpe:/a:microsoft:office:2003::student_teacher
cpe:/a:microsoft:office:xpMicrosoft Office XP
cpe:/a:microsoft:publisher:2000Microsoft Publisher 2000
cpe:/a:microsoft:works:2004Microsoft Works 2004
cpe:/a:microsoft:works:2003Microsoft works_suite 2003
cpe:/a:microsoft:works:2002Microsoft works_suite 2002
cpe:/a:microsoft:word:2000Microsoft Word 2000
cpe:/a:microsoft:office:2000Microsoft Office 2000
cpe:/a:microsoft:frontpage:2002Microsoft Frontpage 2002
cpe:/a:microsoft:frontpage:2003Microsoft Frontpage 2003
cpe:/a:microsoft:works:2001Microsoft works_suite 2001
cpe:/a:microsoft:frontpage:2000Microsoft Frontpage 2000
cpe:/a:microsoft:publisher:2003Microsoft Publisher 2003
cpe:/a:microsoft:publisher:2002Microsoft Publisher 2002

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4005Office XP, SP2 WordPerfect Converter Buffer Overflow
oval:org.mitre.oval:def:3333Office XP, SP3 WordPerfect Converter Buffer Overflow
oval:org.mitre.oval:def:3311Office 2003 WordPerfect Converter Buffer Overflow
oval:org.mitre.oval:def:2670Office 2000 WordPerfect Converter Buffer Overflow
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0573
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0573
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-059
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=109519646030906&w=2
(UNKNOWN)  BUGTRAQ  20040914 Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability
http://securitytracker.com/id?1011249
(UNKNOWN)  SECTRACK  1011249
http://securitytracker.com/id?1011250
(UNKNOWN)  SECTRACK  1011250
http://securitytracker.com/id?1011251
(UNKNOWN)  SECTRACK  1011251
http://securitytracker.com/id?1011252
(UNKNOWN)  SECTRACK  1011252
http://www.kb.cert.org/vuls/id/449438
(UNKNOWN)  CERT-VN  VU#449438
http://www.microsoft.com/technet/security/bulletin/ms04-027.asp
(VENDOR_ADVISORY)  MS  MS04-027
http://xforce.iss.net/xforce/xfdb/17306
(VENDOR_ADVISORY)  XF  wordperfect-converter-message-bo(17306)

- 漏洞信息

Microsoft WordPerfect转换器远程缓冲区溢出漏洞(MS04-027)
高危 边界条件错误
2004-09-28 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft Office提供多个转换器允许用户导入和编辑原来不属于Office格式的文件。这些转换器是Office默认安装的一部分,也可以独立存在于Microsoft Office Converter Pack中,这些转换器可以方便的应用于Office早期版本和其他应用系统复杂的环境中,包括Macintosh和第三方应用程序。
        Microsoft WordPerfect转换器在处理部分文件时存在缓冲区溢出,远程攻击者可以利用这个漏洞构建恶意文件,诱使用户转换,以用户进程权限在系统上执行任意指令。
        如果用户以管理员方式登录,在使用Microsoft WordPerfect转换器处理恶意攻击者提供的文件时,可导致触发缓冲区溢出,精心构建文件数据,可能以用户进程权限在系统上执行任意指令。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS04-027)以及相应补丁:
        MS04-027:Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS04-027.mspx

        补丁下载:
        Microsoft Office 2000 Software Service Pack 3:
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=88F52E69-99E1-4892-9A53-84E5DFADFE6B

        Microsoft Office 2000 Service Pack 3 Software:
        Word 2000
        
        FrontPage 2000
        
        Publisher 2000
        
        
        Microsoft Office XP Software Service Pack 3:
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB3-7B94-4F74-A5A0-60C31CE2F57B

        Microsoft Office XP Software Service Pack 2:
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB3-7B94-4F74-A5A0-60C31CE2F57B

        Microsoft Office XP Software:
        Word 2002
        
        FrontPage 2002
        
        Publisher 2002
        
        
        Microsoft Office 2003:
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=A0629800-1889-495B-B25E-4637D6B03250

        Microsoft Office 2003 Software:
        Word 2003
        
        FrontPage 2003
        
        Publisher 2003
        
        
        Microsoft Works Suites:
        Microsoft Works Suite 2001:
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=88F52E69-99E1-4892-9A53-84E5DFADFE6B

        
        Microsoft Works Suite 2002:
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB3-7B94-4F74-A5A0-60C31CE2F57B

        
        Microsoft Works Suite 2003
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB3-7B94-4F74-A5A0-60C31CE2F57B

        Microsoft Works Suite 2004
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=10A6CEB3-7B94-4F74-A5A0-60C31CE2F57B

- 漏洞信息 (F34354)

ms04-027.html (PacketStormID:F34354)
2004-09-15 00:00:00
Peter Winter-Smith  microsoft.com
advisory,remote,code execution
CVE-2004-0573
[点击下载]

Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

- 漏洞信息

9950
Microsoft Office WordPerfect Converter Overflow
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity

- 漏洞描述

A remote overflow exists in the Microsoft Office WordPerfect converter. The WordPerfect converter fails to properly perform bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause remote code execution resulting in a loss of confidentiality and/or integrity.

- 时间线

2004-09-14 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft WordPerfect Converter Remote Buffer Overflow Vulnerability
Boundary Condition Error 11172
Yes No
2004-09-14 12:00:00 2009-07-12 07:06:00
Discovery is credited to Peter Winter-Smith of Next Generation Security Software Ltd.

- 受影响的程序版本

Microsoft Works Suite 2004
Microsoft Works Suite 2003
Microsoft Works Suite 2002
Microsoft Works Suite 2001
Microsoft Works 2000
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Microsoft Word 2003
+ Microsoft Office 2003 SP1
+ Microsoft Office 2003 0
Microsoft Word 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2002 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2002
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2000 SR1a
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SR1
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2000 SP2
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Publisher 2003
Microsoft Publisher 2002
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Publisher 2000
Microsoft Office XP SP3
+ Microsoft Excel 2002 SP3
+ Microsoft Excel 2002 SP3
+ Microsoft FrontPage 2002 SP3
+ Microsoft FrontPage 2002 SP3
+ Microsoft Outlook 2002 SP3
+ Microsoft Outlook 2002 SP3
+ Microsoft PowerPoint 2002 SP3
+ Microsoft PowerPoint 2002 SP3
+ Microsoft Publisher 2002 SP3
+ Microsoft Publisher 2002 SP3
Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Office XP SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2003 0
+ Microsoft Excel 2003
+ Microsoft FrontPage 2003
+ Microsoft InfoPath 2003
+ Microsoft OneNote 2003 0
+ Microsoft Outlook 2003 0
+ Microsoft PowerPoint 2003 0
+ Microsoft Publisher 2003
Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Office 2000 SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2000 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft FrontPage 2003
Microsoft FrontPage 2002 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft FrontPage 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft FrontPage 2000 SR1
Microsoft FrontPage 2000 SP2
Microsoft FrontPage 2000 SP1
Microsoft FrontPage 2000
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Microsoft Office 2003 SP1

- 不受影响的程序版本

Microsoft Office 2003 SP1

- 漏洞讨论

Microsoft WordPerfect Converter is reported prone to a remote buffer overflow vulnerability when handling malformed files. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. To carry out an attack, the attacker may create a malicious file and entice a user to open the file through an application that employs WordPerfect Converter.

Microsoft WordPerfect Converter is installed by default in various versions of Microsoft Office, Microsoft Word, Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite. Microsoft Office 2003 Service Pack 1 is not affected by this vulnerability.

This issue may be similar in nature to BID 8538 (Microsoft WordPerfect Converter Buffer Overrun Vulnerability).

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released a security bulletin MS04-027 to address this issue. This bulletin includes fixes to address this issue on supported platforms. Please see the referenced bulletin for more information.


Microsoft Publisher 2000

Microsoft Publisher 2002

Microsoft Office XP SP3

Microsoft FrontPage 2002 SP1

Microsoft FrontPage 2000 SP1

Microsoft Word 2000

Microsoft Office 2003 0

Microsoft Works Suite 2002

Microsoft FrontPage 2002

Microsoft Office 2000 SP3

Microsoft Works Suite 2004

Microsoft FrontPage 2000 SP2

Microsoft Word 2002 SP2

Microsoft Word 2002

Microsoft Word 2000 SP3

Microsoft Word 2000 SP2

Microsoft FrontPage 2003

Microsoft Word 2003

Microsoft Word 2002 SP1

Microsoft FrontPage 2000 SR1

Microsoft Works Suite 2003

Microsoft FrontPage 2000

Microsoft Word 2000 SR1a

Microsoft Works Suite 2001

Microsoft Publisher 2003

Microsoft Word 2000 SR1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站