Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) |
Information | |||
---|---|---|---|
Name | MS10-103 | First vendor Publication | 2010-12-14 |
Vendor | Microsoft | Last vendor Modification | 2010-12-14 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.0 (December 14, 2010): Bulletin published. Summary: This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-103.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
40 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
20 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11555 | |||
Oval ID: | oval:org.mitre.oval:def:11555 | ||
Title: | Size Value Heap Corruption in pubconv.dll Vulnerability | ||
Description: | pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2569 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Publisher 2002 Microsoft Office Publisher 2003 Microsoft Office Publisher 2007 |
Definition Id: oval:org.mitre.oval:def:12187 | |||
Oval ID: | oval:org.mitre.oval:def:12187 | ||
Title: | Heap Overrun in pubconv.dll Vulnerability | ||
Description: | Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2570 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Publisher 2002 Microsoft Office Publisher 2003 Microsoft Office Publisher 2007 Microsoft Office Publisher 2010 |
Definition Id: oval:org.mitre.oval:def:12277 | |||
Oval ID: | oval:org.mitre.oval:def:12277 | ||
Title: | Array Indexing Memory Corruption Vulnerability | ||
Description: | pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3955 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Publisher 2002 |
Definition Id: oval:org.mitre.oval:def:12298 | |||
Oval ID: | oval:org.mitre.oval:def:12298 | ||
Title: | Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability | ||
Description: | Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2571 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Publisher 2002 Microsoft Office Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:12381 | |||
Oval ID: | oval:org.mitre.oval:def:12381 | ||
Title: | Microsoft Publisher Memory Corruption Vulnerability | ||
Description: | Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3954 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Publisher 2002 Microsoft Office Publisher 2003 Microsoft Office Publisher 2010 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-15 | Name : Microsoft Publisher Remote Code Execution Vulnerability (2292970) File : nvt/secpod_ms10-103.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69815 | Microsoft Office Publisher Array Indexing Memory Corruption A memory corruption flaw exists in Microsoft Office Publisher. The Publisher Converter (pubconv.dll) fails to sanitize user-supplied input when indexing arrays, resulting in memory corruption. With a specially crafted Publisher file, a context-dependent attacker can execute arbitrary code. |
69814 | Microsoft Office Publisher Malformed PUB File Handling Memory Corruption A memory corruption flaw exists in Microsoft Office Publisher. An unspecified error occurs when opening Publisher files, resulting in memory corruption. With a specially crafted Publisher file, a context-dependent attacker can execute arbitrary code. |
69813 | Microsoft Office Publisher pubconv.dll Array Indexing Memory Corruption A memory corruption flaw exists in Microsoft Office Publisher. The Publisher Converter (pubconv.dll) fails to sanitize user-supplied input when indexing arrays, resulting in memory corruption. With a specially crafted Publisher 97 file, a context-dependent attacker can execute arbitrary code. |
69812 | Microsoft Office Publisher pubconv.dll Unspecified Heap Overrun Microsoft Office Publisher is prone to an overflow condition. The Publisher Converter (pubconv.dll) fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted Publisher file, a context-dependent attacker can potentially execute arbitrary code. |
69811 | Microsoft Office Publisher pubconv.dll Size Value Handling Heap Corruption A memory corruption flaw exists in Microsoft Office Publisher. The Publisher Converter (pubconv.dll) fails to sanitize user-supplied input when parsing files, resulting in memory corruption. With a specially crafted Publisher file a context-dependent attacker can execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-16 | IAVM : 2010-A-0171 - Microsoft Office Publisher Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025844 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-05 | Microsoft Office Publisher tyo.oty field heap overflow attempt RuleID : 37921 - Revision : 1 - Type : FILE-OFFICE |
2016-04-05 | Microsoft Office Publisher pubconv.dll corruption attempt RuleID : 37920 - Revision : 1 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Publisher pubconv.dll corruption attempt RuleID : 19306 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Publisher oversized oti length attempt RuleID : 18231 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Publisher memory corruption attempt RuleID : 18230 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Publisher 97 conversion remote code execution attempt RuleID : 18214 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Publisher column and row remote code execution attempt RuleID : 18213 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Publisher tyo.oty field heap overflow attempt RuleID : 18212 - Revision : 18 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-12-15 | Name : The version of Microsoft Office installed on the remote host has multiple mem... File : smb_nt_ms10-103.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:49 | |
2014-01-19 21:30:34 | |
2013-11-11 12:41:20 | |