| VID |
28089 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hotfix(KB884933) for 'Code Execution Vulnerability in WordPerfect Converter' has not been applied.
Microsoft WordPerfect 5.x Converter is vulnerable to a remote code execution vulnerability, caused by an unchecked buffer in the Office WordPerfect 5.x Converter. By sending a malicious file to the target user and persuading the target user to open the file, a remote attacker could cause the application that used the WordPerfect 5.x Converter to fail, which could execute code of attacker's choice, once the target user opened the file. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. This security update replaces the security update that was provided as part of Microsoft security bulletin MS03-036(KB827103).
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx
http://www.ciac.org/ciac/bulletins/o-214.shtml
* Platforms Affected:
Microsoft WordPerfect 5.x Converter component
Microsoft Office 2000 SP 3 Softwares
Microsoft Office XP Software SP3, SP2 softwares
Microsoft Office 2003 Softwares
Microsoft Works Suites 2001, 2002, 2003, 2004
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-027 at http://www.microsoft.com/technet/security/bulletin/ms04-027.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2004-0573 (CVE) |
| Related URL |
11172 (SecurityFocus) |
| Related URL |
17306 (ISS) |
|
