Apr 14, 2009
I. BACKGROUND
Word 2000 is a word processing application included with the Microsoft
Office 2000 software. The WordPerfect Converter is a tool used by Word
2000 to import documents from WordPerfect files and convert them for
editing in Word 2000 format.
II. DESCRIPTION
http://support.microsoft.com/?scid=kb;en-us;290362
II. DESCRIPTION
Remote exploitation of a buffer overflow vulnerability in Microsoft
Corp.'s Office filter for WordPerfect Graphics Files, could allow an
attacker to execute arbitrary code with the privileges of the victim.
This vulnerability specifically lies within the "WPGIMP32.FLT" module. A
heap overflow can occur when processing a malformed Wordperfect Graphics
(WPG) file. By corrupting heap memory, it is possible to execute
I. BACKGROUND
Autonomy KeyView SDK is a commercial SDK that provides many file format
parsing libraries. It supports a large number of different document
formats, one of which is the Word Perfect Document (WPD) format. It is
used by several popular vendors for processing documents. For more
information, visit the URL below.
http://www.autonomy.com/
> the problem, but not really fix it. What if that application is used by multiple
> users?
There have been cases and quite a few.
My first thoughts were about Word Perfect. Actually it is just a
representative of a wider class of apps there. The semantics of locking
on Windows and Unix differ and when apps get ported (especially using a
toolkit) people do not account for the advisory nature of Unix flock().
As a result files that were reasonably safe in the original environment
due to OS-level exclusive locking stop being so on the Unix port.
> There is a very valid case of trying to restrict access via directory
> permissions. Suppose you have a binary program that uses its own
> directory but for whatever reason keeps scribbling in files with wrong
> permission in it. While I cannot think of a current example, out of the
> older ones at least one of the Word Perfect versions for linux used to
> do that.
>
> By tightening up the protection on the directory the sysadmin can
> mitigate the problem. It is in fact the standard way of doing this.
>
There is a very valid case of trying to restrict access via directory
permissions. Suppose you have a binary program that uses its own
directory but for whatever reason keeps scribbling in files with wrong
permission in it. While I cannot think of a current example, out of the
older ones at least one of the Word Perfect versions for linux used to
do that.
By tightening up the protection on the directory the sysadmin can
mitigate the problem. It is in fact the standard way of doing this.
