Reported September 14, 2004, by Microsoft
VERSIONS AFFECTED
|
DESCRIPTION
A remote code execution vulnerability exists in Microsoft's WordPerfect 5.x Converter.
If a user is logged on with administrative privileges, a potential attacker who
successfully exploited this vulnerability could take complete control of the
affected system. Interaction from the vulnerable user is required for the
exploit to succeed.
VENDOR RESPONSE
Microsoft has released
bulletin MS04-027, "Vulnerability in WordPerfect Converter
Could Allow Code Execution (884933)," to address this vulnerability and
recommends that affected users apply the appropriate patch listed in the
bulletin. This patch supersedes the update provided in MS03-036.
CREDIT
Discovered by Peter Winter-Smith of Next
Generation Security (NGS) Software.