Microsoft WordPerfect Converter Remote Buffer Overflow Vulnerability



Date Discovered

September 14, 2004


Microsoft WordPerfect Converter is reported prone to a remote buffer overflow vulnerability when handling malformed files. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. To carry out an attack, the attacker may create a malicious file and entice a user to open the file through an application that employs WordPerfect Converter. Microsoft WordPerfect Converter is installed by default in various versions of Microsoft Office, Microsoft Word, Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite. Microsoft Office 2003 Service Pack 1 is not affected by this vulnerability. This issue may be similar in nature to BID 8538 (Microsoft WordPerfect Converter Buffer Overrun Vulnerability).

Technologies Affected

  • Microsoft FrontPage 2000 SP1
  • Microsoft FrontPage 2000
  • Microsoft FrontPage 2000 SP2
  • Microsoft FrontPage 2000 SR1
  • Microsoft FrontPage 2002
  • Microsoft FrontPage 2002 SP1
  • Microsoft FrontPage 2003
  • Microsoft Office 2000
  • Microsoft Office 2000 SP1
  • Microsoft Office 2000 SP2
  • Microsoft Office 2000 SP3
  • Microsoft Office 2003
  • Microsoft Office XP
  • Microsoft Office XP SP1
  • Microsoft Office XP SP2
  • Microsoft Office XP SP3
  • Microsoft Publisher 2000
  • Microsoft Publisher 2002
  • Microsoft Publisher 2003
  • Microsoft Word 2000
  • Microsoft Word 2000 SP2
  • Microsoft Word 2000 SP3
  • Microsoft Word 2000 SR1
  • Microsoft Word 2000 SR1a
  • Microsoft Word 2002
  • Microsoft Word 2002 SP1
  • Microsoft Word 2002 SP2
  • Microsoft Word 2003
  • Microsoft Works 2000
  • Microsoft Works Suite 2001
  • Microsoft Works Suite 2002
  • Microsoft Works Suite 2003
  • Microsoft Works Suite 2004


Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy network intrusion detection systems to monitor all network traffic for signs of suspicious or anomalous activity. This may aid in detecting malicious activity that may result from exploitation of this and other latent vulnerabilities.

Do not accept or execute files from untrusted or unknown sources.
An attacker can exploit this issue by creating a malicious file and sending the file to a vulnerable user to be viewed via an affected application. Users should not accept files from untrusted or unknown sources.

Do not follow links provided by unknown or untrusted sources.
An attacker may create a malicious file and host it on a Web site to be viewed by a vulnerable user. The attacker would attempt to entice the user to visit the attacker's Web site. Users should not follow links supplied by unknown or untrusted sources.

Run all software as a nonprivileged user with minimal access rights.
All non-administrative tasks, such as reading email and browsing the web, should be performed as an unprivileged user with minimal access rights. This may help to limit the impact of vulnerabilities that may be exploited through client software.

Microsoft has released security bulletin MS04-027 to address this issue. The bulletin includes fixes for supported platforms. Please see the referenced bulletin for more information.



Discovery is credited to Peter Winter-Smith of Next Generation Security Software Ltd.

© 1995- Symantec Corporation
