CERTA-2003-AVI-146

Vulnerability from certfr_avis - Published: - Updated:

A malicious user can exploit a vulnerability in the WordPerfect converter to execute arbitrary code.

Description

Microsoft Office provides converters for reading documents in formats that Office does not recognize natively. These converters are installed by default with Microsoft Office or are available separately in the Microsoft Office Converter Pack.

Because it does not correctly handle certain parameters when opening a WordPerfect document, the Microsoft WordPerfect converter has a buffer overflow vulnerability.

A malicious user can exploit this vulnerability by means of a specially crafted WordPerfect document that will execute arbitrary code on the machine where it is opened.

Solution

Apply the patch provided by Microsoft (see the Documentation section).

Impacted products
Vendor Product Description
Microsoft N/A Microsoft Works Suite 2003.
Microsoft N/A Microsoft Works Suite 2001 ;
Microsoft Office Microsoft Office 2000 ;
Microsoft N/A Microsoft Publisher 2000 ;
Microsoft N/A Microsoft FrontPage 2000 ;
Microsoft N/A Microsoft FrontPage 2002 ;
Microsoft N/A Microsoft Word 98 (J) ;
Microsoft Office Microsoft Office XP ;
Microsoft N/A Microsoft Publisher 2002 ;
Microsoft Office Microsoft Office 97 ;
Microsoft N/A Microsoft Works Suite 2002 ;
References


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Works Suite 2003.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works Suite 2001 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Publisher 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft FrontPage 2000 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft FrontPage 2002 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 98 (J) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Publisher 2002 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 97 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Works Suite 2002 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMicrosoft Office fournit des convertisseurs pour pouvoir relire des\ndocuments qui utilisent des formats qui sont pas nativement reconnus par\nOffice. Ces convertisseurs sont install\u00e9s par d\u00e9faut dans Microsoft\nOffice ou sont disponibles s\u00e9parement dans le pack Microsoft Office\nConverter Pack.  \n\nParce qu\u0027il ne traite pas correctement certains param\u00e8tres lors de\nl\u0027ouverture d\u0027un document WordPerfect, le convertisseur Microsoft\nWordPerfect pr\u00e9sente une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire.  \n\nCette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur mal\nintentionn\u00e9 par le biais d\u0027un document WordPerfect habilement constitu\u00e9\nqui ex\u00e9cutera du code arbitraire sur la machine o\u00f9 il sera ouvert.\n\n## Solution\n\nAppliquer le correctif propos\u00e9 par Microsoft (cf. section\nDocumentation).\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsft MS03-036 :",
      "url": "http://www.microsoft.com/technet/security/bulletin/MS03-036.asp"
    }
  ],
  "reference": "CERTA-2003-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-09-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Un utilisateur mal intentionn\u00e9 peut exploiter une vuln\u00e9rabilit\u00e9 du\nconvertisseur WordPerfect pour ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du convertisseur Microsoft WordPerfect",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Microsoft MS03-036",
      "url": null
    }
  ]
}

