Reported September 14, 2004, by Microsoft
A remote code execution vulnerability exists in Microsoft's WordPerfect 5.x Converter. If a user is logged on with administrative privileges, a potential attacker who successfully exploited this vulnerability could take complete control of the affected system. Interaction from the vulnerable user is required for the exploit to succeed.
Microsoft has released bulletin MS04-027, "Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin. This patch supersedes the update provided in MS03-036.
Discovered by Peter Winter-Smith of Next Generation Security (NGS) Software.