Vulnerability Name:

CVE-2003-0666 (CCN-13091)

Assigned:2003-09-03
Published:2003-09-03
Updated:2018-10-12
Summary:Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Sep 03 2003 - 14:21:49 CDT
Microsoft WordPerfect Document Converter Buffer Overflow

Source: VULNWATCH
Type: Vendor Advisory
20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow

Source: MITRE
Type: CNA
CVE-2003-0666

Source: BUGTRAQ
Type: UNKNOWN
20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow

Source: BUGTRAQ
Type: UNKNOWN
20030905 Microsoft WordPerfect Document Converter Exploit

Source: CCN
Type: CIAC Information Bulletin N-143
Microsoft WordPerfect Converter Buffer Overrun Vulnerability

Source: CCN
Type: Microsoft Security Bulletin MS03-036
Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103)

Source: CCN
Type: Microsoft Security Bulletin MS04-027
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)

Source: CCN
Type: Microsoft Security Bulletin MS09-010
Vulnerabilities in WordPad and Office Text Converters could allow Remote Code Execution (960477)

Source: CCN
Type: Microsoft Security Bulletin MS09-073
Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Source: CCN
Type: OSVDB ID: 10006
Microsoft WordPerfect Converter Corel File Multiple Parameter Remote Overflow

Source: CCN
Type: BID-8538
Microsoft WordPerfect Converter Buffer Overrun Vulnerability

Source: MS
Type: UNKNOWN
MS03-036

Source: XF
Type: UNKNOWN
office-wordperfect-bo(13091)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:wordperfect_converter:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:office:97:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:office:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:frontpage:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:word:98:::ja:*:*:*:*
  • OR cpe:/a:microsoft:office:xp:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:works:2001:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:works:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:works:2003:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:frontpage:2002:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:publisher:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:publisher:2002:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft wordperfect converter *
    microsoft office 97
    microsoft office 2000
    microsoft frontpage 2000
    microsoft word 98
    microsoft office xp
    microsoft works 2001
    microsoft works 2002
    microsoft works 2003
    microsoft frontpage 2002
    microsoft publisher 2000
    microsoft publisher 2002