iDefense Security Advisory 04.14.09 – Exploitation of a stack corruption vulnerability in Microsoft Corp.’s Word 2000 WordPerfect 6.x Converter could allow an attacker to execute code in the context of the current user. Microsoft Word is able to open documents created in other applications by transparently applying a filter module which converts them to a format Word can use. The WordPerfect 6.x converter from Office 2000 fails to perform sufficient sanity checking on input files. A maliciously constructed WordPerfect document can cause potentially exploitable stack corruption. iDefense Labs have confirmed that the WordPerfect 6.x converter (WPFT632.CNV, with file version 1998.1.27.0) in Microsoft Word 2000 Service Pack 3 is vulnerable. However, the version of this converter installed with Word 2003 is not affected by this vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76654/04.14.09-1.txt
Source: https://packetstormsecurity.com/files/76654/iDEFENSE-Security-Advisory-2009-04-14.1.html