Reported September 14, 2004, by Microsoft

VERSIONS AFFECTED

  • Microsoft Office 2003
  • Microsoft Office XP
  • Microsoft Office 2000
  • Microsoft Works Suite 2001, 2002, 2003, and 2004

DESCRIPTION
A remote code execution vulnerability exists in Microsoft's WordPerfect 5.x Converter. If a user is logged on with administrative privileges, a potential attacker who successfully exploited this vulnerability could take complete control of the affected system. Interaction from the vulnerable user is required for the exploit to succeed.

VENDOR RESPONSE
Microsoft has released bulletin MS04-027, "Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin. This patch supersedes the update provided in MS03-036.

CREDIT
Discovered by Peter Winter-Smith of Next Generation Security (NGS) Software.