MS04-027: Vulnerability in WordPerfect Converter (884933)
High Nessus Plugin ID 14732
SynopsisArbitrary code can be executed on the remote host through Office.
DescriptionThe remote host is running a version of Microsoft Office that contains a flaw in its WordPerfect converter, that could allow an attacker to execute arbitrary code on the remote host.
To exploit this flaw, an attacker would need to send a specially crafted file to a user on the remote host and wait for him to open it using Microsoft Office.
When opening the malformed file, Microsoft Office will encounter a buffer overflow that could be exploited to execute arbitrary code.
SolutionMicrosoft has released a set of patches for Office 2000, XP and 2003.