WordPerfect files cause buffer overflow
The WordPerfect office suite, the former Microsoft Office competitor that is now a quiet sideline product at Corel, has caused a stir: a library for processing and displaying WordPerfect files contains a critical buffer overflow that can be exploited to inject and execute arbitrary code.
The Autonomy KeyView SDK library is used by a number of products such as IBM's Lotus Notes and various Symantec email scanners. Ironically, it is also used by several products that are designed for data loss prevention. Attackers can use specially crafted emails with malformed attachments to trigger the overflow and inject programs such as spyware and other malware.
In Notes, users still have to open the attachment manually, but Symantec's Mail Security solutions open such attachments automatically. Interestingly, Symantec says that the risk is reduced in Symantec Mail Security for SMTP, because the scan module runs at a lower privilege level. However, comparable security measures do not seem to exist in the respective products for Exchange and Domino.
This is not the first time that Autonomy KeyView libraries have caused security troubles. A year ago, Secunia discovered several holes which also affected Symantec Mail Security and Lotus Notes. iDefense had already informed the vendors at the end of 2008, and suitable updates or patches have been released.
- Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability, a report from iDefense.
- Symantec Products Update Vulnerable Autonomy KeyView Module, a report from Symantec.
- Potential Security Issue with Lotus Notes File Viewer for WordPerfect, a report from IBM.