• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Microsoft East Asian Word Conversion Vulnerability

Severity: LOW

Description:

East Asian language versions of Word and Powerpoint are susceptible to a buffer overflow exploit. The overflowable buffer is in the code that converts Word 5 documents into newer formats. Word 97, 98, and 2000 will automatically convert older files into the new format upon loading.

If a specially-modified Chinese, Japanese or Korean Word 5 document is loaded into a newer version of Word or PowerPoint, arbitrary code can be executed during the conversion process, at the privilege level of the current user.

Affected Products:

• Microsoft Converter Pack 2000 0.0.0
• Microsoft Office 2000 Chinese Version 0.0.0
• Microsoft Office 2000 Japanese Version 0.0.0
• Microsoft Office 2000 Korean Version 0.0.0
• Microsoft Office 97 Chinese Version 0.0.0
• Microsoft Office 97 Japanese Version 0.0.0
• Microsoft Office 97 Korean Version 0.0.0
• Microsoft PowerPoint 2000 Chinese Edition 0.0.0
• Microsoft PowerPoint 2000 Japanese Edition 0.0.0
• Microsoft PowerPoint 2000 Korean Edition 0.0.0
• Microsoft PowerPoint 97 Chinese Edition 0.0.0
• Microsoft PowerPoint 97 Japanese Edition 0.0.0
• Microsoft PowerPoint 97 Korean Edition 0.0.0
• Microsoft Word 2000 Chinese Version
• Microsoft Word 2000 Japanese Version
• Microsoft Word 2000 Korean Version
• Microsoft Word 97 Chinese Version 0.0.0
• Microsoft Word 97 Japanese Version 0.0.0
• Microsoft Word 97 Korean Version 0.0.0
• Microsoft Word 98 Chinese Version 0.0.0
• Microsoft Word 98 Japanese Version 0.0.0
• Microsoft Word 98 Korean Version 0.0.0

References:

• Microsoft: Frequently Asked Questions: Microsoft Security Bulletin MS00-002
• Microsoft: Q249881: Patch Available for "Malformed Conversion Data" Vulnerability (East Asi

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.