Microsoft Office Publisher Multiple Vulnerabilities( 13 February 2008 )
RISK: Medium Risk
1. Publisher Invalid Memory Reference Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office Publisher validates application data when loading Publisher files to memory. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) file. When a user views the .pub file, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
2. Publisher Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way Microsoft Office Publisher validates memory index values. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) file. When a user views the .pub file, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office 2000 Service Pack 3
- Microsoft Office Publisher 2000 - Microsoft Office XP Service Pack 3
- Microsoft Office Publisher 2002 - Microsoft Office 2003 Service Pack 2
- Microsoft Office Publisher 2003 Service Pack 2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office 2000 Service Pack 3
- Microsoft Office Publisher 2000 - Microsoft Office XP Service Pack 3
- Microsoft Office Publisher 2002 - Microsoft Office 2003 Service Pack 2
- Microsoft Office Publisher 2003 Service Pack 2
Vulnerability Identifier
Source
Related Link
Share with