iDefense Security Advisory 02.12.08 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Works Converter allows attackers to execute arbitrary code as the current user. This vulnerability stems from improper input validation of section length headers when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, a stack-based buffer overflow occurs. This leads to a directly exploitable condition. iDefense confirmed that wkcvqd01.dll version 7.03.0616.0, as included with Microsoft Office 2003, is vulnerable. Older versions of Microsoft Office as well as Microsoft Works are also assumed vulnerable.
207cf5b468a23064f67c4182942fefed2de146debb30ce9c6b79cfdd7b4223b3