Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2004-09-28 |
Product | Publisher | Last view | 2024-02-13 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2024-02-13 | CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability |
7.8 | 2023-06-17 | CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability |
7.8 | 2023-06-17 | CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability |
5.5 | 2022-05-10 | CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability |
8.8 | 2020-04-15 | CVE-2020-0760 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. |
7.8 | 2018-06-14 | CVE-2018-8245 | A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher. |
7.8 | 2017-09-12 | CVE-2017-8725 | A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution". |
7.8 | 2016-12-20 | CVE-2016-7289 | Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." |
9.3 | 2015-11-11 | CVE-2015-2503 | Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability." |
9.3 | 2014-04-08 | CVE-2014-1759 | pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1329 | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1328 | Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1327 | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1323 | Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability." |
10 | 2013-05-14 | CVE-2013-1322 | Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1321 | Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability." |
10 | 2013-05-14 | CVE-2013-1320 | Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability." |
10 | 2013-05-14 | CVE-2013-1319 | Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability." |
10 | 2013-05-14 | CVE-2013-1318 | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1317 | Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability." |
9.3 | 2013-05-14 | CVE-2013-1316 | Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability." |
9.3 | 2011-12-13 | CVE-2011-3412 | Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability." |
9.3 | 2011-12-13 | CVE-2011-3411 | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability." |
9.3 | 2011-12-13 | CVE-2011-3410 | Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability." |
9.3 | 2011-12-13 | CVE-2011-1508 | Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
29% (8) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25% (7) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
22% (6) | CWE-20 | Improper Input Validation |
7% (2) | CWE-399 | Resource Management Errors |
7% (2) | CWE-189 | Numeric Errors |
3% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
3% (1) | CWE-190 | Integer Overflow or Wraparound |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:4307 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002) |
oval:org.mitre.oval:def:4216 | GDI+ JPEG Parsing Engine Buffer Overflow (IE6) |
oval:org.mitre.oval:def:4003 | GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP) |
oval:org.mitre.oval:def:3881 | GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2) |
oval:org.mitre.oval:def:3810 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003) |
oval:org.mitre.oval:def:3320 | GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003 |
oval:org.mitre.oval:def:3082 | GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002) |
oval:org.mitre.oval:def:3038 | GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1) |
oval:org.mitre.oval:def:2706 | GDI+ JPEG Parsing Engine Buffer Overflow (Office 2003) |
oval:org.mitre.oval:def:1721 | GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003) |
oval:org.mitre.oval:def:1105 | GDI+ JPEG Parsing Engine Buffer Overflow (Server 2003) |
oval:org.mitre.oval:def:4005 | Office XP, SP2 WordPerfect Converter Buffer Overflow |
oval:org.mitre.oval:def:3333 | Office XP, SP3 WordPerfect Converter Buffer Overflow |
oval:org.mitre.oval:def:3311 | Office 2003 WordPerfect Converter Buffer Overflow |
oval:org.mitre.oval:def:2670 | Office 2000 WordPerfect Converter Buffer Overflow |
oval:org.mitre.oval:def:590 | Microsoft Publisher Vulnerability |
oval:org.mitre.oval:def:568 | PowerPoint Malformed Record Memory Corruption Vulnerability |
oval:org.mitre.oval:def:220 | Microsoft PowerPoint Malformed Record Memory Corruption Vulnerability |
oval:org.mitre.oval:def:301 | Excel Malformed Record Vulnerability |
oval:org.mitre.oval:def:1871 | Publisher Invalid Memory Reference Vulnerability |
oval:org.mitre.oval:def:5305 | Publisher Invalid Memory Reference Vulnerability |
oval:org.mitre.oval:def:4547 | Word Memory Corruption Vulnerability |
oval:org.mitre.oval:def:7141 | Publisher Object Handler Validation Vulnerability |
oval:org.mitre.oval:def:11555 | Size Value Heap Corruption in pubconv.dll Vulnerability |
oval:org.mitre.oval:def:12187 | Heap Overrun in pubconv.dll Vulnerability |
SAINT Exploits
Description | Link |
---|---|
Microsoft Publisher File Conversion Textbox buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
77672 | Microsoft Office Publisher Unspecified Publisher File Handling Remote Memory ... |
77671 | Microsoft Office Publisher Invalid Pointer Publisher File Handling Remote Mem... |
77670 | Microsoft Office Publisher Array Indexing Publisher File Handling Remote Memo... |
76460 | Microsoft Office Publisher pubconv.dll .pub File Handling Overflow |
69815 | Microsoft Office Publisher Array Indexing Memory Corruption |
69814 | Microsoft Office Publisher Malformed PUB File Handling Memory Corruption |
69813 | Microsoft Office Publisher pubconv.dll Array Indexing Memory Corruption |
69812 | Microsoft Office Publisher pubconv.dll Unspecified Heap Overrun |
69811 | Microsoft Office Publisher pubconv.dll Size Value Handling Heap Corruption |
63748 | Microsoft Office Publisher 97 File Conversion TextBox Processing Overflow |
47004 | Microsoft Crypto API S/MIME X.509 Certificate CRL Check Remote Information Di... |
45264 | Microsoft Office Publisher File Format Unspecified Remote Code Execution |
44319 | Microsoft Office Publisher Crafted PUB File Handling DoS |
41447 | Microsoft Office Publisher Memory Index Validation .pub File Handling Arbitra... |
41446 | Microsoft Office Publisher .pub File Handling Arbitrary Code Execution |
35953 | Microsoft Office Publisher .pub Page Data Handling Arbitrary Code Execution |
31901 | Microsoft Office Unspecified String Handling Arbitrary Code Execution |
29448 | Microsoft PowerPoint Crafted File Unspecified Code Execution |
28730 | Microsoft Publisher PUB File Font Parsing Overflow |
9951 | Microsoft Multiple Products GDIPlus.dll JPEG Processing Overflow |
9950 | Microsoft Office WordPerfect Converter Overflow |
OpenVAS Exploits
id | Description |
---|---|
2011-12-14 | Name : Microsoft Publisher Remote Code Execution Vulnerabilities (2607702) File : nvt/secpod_ms11-091.nasl |
2010-12-15 | Name : Microsoft Publisher Remote Code Execution Vulnerability (2292970) File : nvt/secpod_ms10-103.nasl |
2010-04-14 | Name : Microsoft Office Publisher Remote Code Execution Vulnerability (981160) File : nvt/secpod_ms10-023.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2014-A-0050 | Microsoft Publisher Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0048679 |
2013-A-0107 | Multiple Microsoft Publisher Remote Code Execution Vulnerabilities Severity: Category II - VMSKEY: V0037937 |
2010-A-0171 | Microsoft Office Publisher Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0025844 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Publisher file magic detected RuleID : 8478 - Type : FILE-IDENTIFY - Revision : 19 |
2014-01-10 | pub file download RuleID : 8350 - Type : WEB-CLIENT - Revision : 4 |
2019-04-13 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 49432 - Type : FILE-OFFICE - Revision : 1 |
2019-04-13 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 49431 - Type : FILE-OFFICE - Revision : 2 |
2019-03-14 | Microsoft Office Publisher Opltc memory corruption attempt RuleID : 49183 - Type : FILE-OFFICE - Revision : 2 |
2019-03-14 | Microsoft Office Publisher Opltc memory corruption attempt RuleID : 49182 - Type : FILE-OFFICE - Revision : 2 |
2017-01-10 | Microsoft Office Publisher out of bounds read attempt RuleID : 40966 - Type : FILE-OFFICE - Revision : 2 |
2017-01-10 | Microsoft Office Publisher out of bounds read attempt RuleID : 40965 - Type : FILE-OFFICE - Revision : 2 |
2016-04-05 | Microsoft Office Publisher tyo.oty field heap overflow attempt RuleID : 37921 - Type : FILE-OFFICE - Revision : 1 |
2016-04-05 | Microsoft Office Publisher pubconv.dll corruption attempt RuleID : 37920 - Type : FILE-OFFICE - Revision : 1 |
2016-03-14 | Microsoft Office Publisher 2007 conversion library code execution attempt RuleID : 37362 - Type : FILE-OFFICE - Revision : 3 |
2016-03-14 | Microsoft Office Word CoCreateInstance elevation of privilege attempt RuleID : 36721 - Type : FILE-OFFICE - Revision : 3 |
2016-03-14 | Microsoft Office Word CoCreateInstance elevation of privilege attempt RuleID : 36720 - Type : FILE-OFFICE - Revision : 3 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33959 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33958 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33957 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33956 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33955 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33954 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33953 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33952 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33951 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33950 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33949 - Type : FILE-OTHER - Revision : 2 |
2015-04-30 | WordPerfect converter buffer overflow attempt RuleID : 33948 - Type : FILE-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2017-09-12 | Name: The Microsoft Publisher Products are missing a security update. File: smb_nt_ms17_sep_publisher.nasl - Type: ACT_GATHER_INFO |
2016-12-14 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: smb_nt_ms16-148.nasl - Type: ACT_GATHER_INFO |
2015-11-10 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO |
2014-04-08 | Name: Microsoft Publisher, a component of Microsoft Office installed on the remote ... File: smb_nt_ms14-020.nasl - Type: ACT_GATHER_INFO |
2013-05-15 | Name: Microsoft Publisher, a component of Microsoft Office installed on the remote ... File: smb_nt_ms13-042.nasl - Type: ACT_GATHER_INFO |
2011-12-13 | Name: The version of Microsoft Office installed on the remote host has multiple vul... File: smb_nt_ms11-091.nasl - Type: ACT_GATHER_INFO |
2010-12-15 | Name: The version of Microsoft Office installed on the remote host has multiple mem... File: smb_nt_ms10-103.nasl - Type: ACT_GATHER_INFO |
2010-04-13 | Name: The version of Microsoft Office installed on the remote host has a buffer ove... File: smb_nt_ms10-023.nasl - Type: ACT_GATHER_INFO |
2008-02-12 | Name: Arbitrary code can be executed on the remote host through Microsoft Publisher. File: smb_nt_ms08-012.nasl - Type: ACT_GATHER_INFO |
2007-07-10 | Name: Arbitrary code can be executed on the remote host through Microsoft Publisher. File: smb_nt_ms07-037.nasl - Type: ACT_GATHER_INFO |
2007-02-13 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms_office_feb2006.nasl - Type: ACT_GATHER_INFO |
2007-02-13 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms07-015.nasl - Type: ACT_GATHER_INFO |
2006-10-11 | Name: An application installed on the remote Mac OS X host is affected by multiple ... File: macosx_ms_office_oct2006.nasl - Type: ACT_GATHER_INFO |
2006-10-10 | Name: Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File: smb_nt_ms06-058.nasl - Type: ACT_GATHER_INFO |
2006-09-12 | Name: Arbitrary code can be executed on the remote host through Microsoft Publisher. File: smb_nt_ms06-054.nasl - Type: ACT_GATHER_INFO |
2004-09-28 | Name: The remote host may have been compromised File: radmin_port_10002.nasl - Type: ACT_GATHER_INFO |
2004-09-24 | Name: It is possible to log into the remote host without a password. File: smb_login_as_x.nasl - Type: ACT_GATHER_INFO |
2004-09-15 | Name: Arbitrary code can be executed on the remote host through Office. File: smb_nt_ms04-027.nasl - Type: ACT_GATHER_INFO |
2004-09-14 | Name: Arbitrary code can be executed on the remote host. File: smb_nt_ms04-028.nasl - Type: ACT_GATHER_INFO |