Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) |
| Informations | |||
|---|---|---|---|
| Name | MS09-030 | First vendor Publication | 2009-07-14 |
| Vendor | Microsoft | Last vendor Modification | 2009-07-15 |
| Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.1 (July 15, 2009): Added a link to Microsoft Knowledge Base Article 969693 under Known Issues in the Executive Summary. Added information about additional security features included in this update to the Frequently Asked Questions (FAQ) Related to This Security Update section. Corrected the update filename for Office Publisher 2007 (publisher2007-kb969693-fullfile-x86-glb) in the Security Update Deployment section. These are informational changes only. There were no changes made to the security update files in this bulletin.Summary: This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS09-030.mspx |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-42 | MIME Conversion |
| CAPEC-44 | Overflow Binary Resource File |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-100 | Overflow Buffers |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6285 | |||
| Oval ID: | oval:org.mitre.oval:def:6285 | ||
| Title: | Pointer Dereference Vulnerability | ||
| Description: | Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0566 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Publisher 2007 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-07-15 | Name : Microsoft Office Publisher Remote Code Execution Vulnerability (969516) File : nvt/secpod_ms09-030.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 55838 | Microsoft Office Publisher PUBCONV.DLL Legacy Format Importation Pointer Dere... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Office Publisher 2007 pointer dereference attempt RuleID : 19932 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Publisher 2007 file format arbitrary code execution attempt RuleID : 15681 - Revision : 14 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-07-14 | Name : It is possible to execute arbitrary code on the remote Windows host using Mic... File : smb_nt_ms09-030.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:16 |
|
| 2014-01-19 21:30:20 |
|
