Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) |
Information | |||
---|---|---|---|
Name | MS13-042 | First vendor Publication | 2013-05-14 |
Vendor | Microsoft | Last vendor Modification | 2013-05-14 |
Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V1.0 (May 14, 2013): Bulletin published. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-042 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-20 | Improper Input Validation |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
12 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16355 | |||
Oval ID: | oval:org.mitre.oval:def:16355 | ||
Title: | Signed integer vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1327 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16525 | |||
Oval ID: | oval:org.mitre.oval:def:16525 | ||
Title: | Return value validation vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1321 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16548 | |||
Oval ID: | oval:org.mitre.oval:def:16548 | ||
Title: | Integer overflow vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1317 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16554 | |||
Oval ID: | oval:org.mitre.oval:def:16554 | ||
Title: | Buffer underflow vulnerability in Microsoft Publisher - CVE-2013-1329 - MS13-042 | ||
Description: | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1329 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16584 | |||
Oval ID: | oval:org.mitre.oval:def:16584 | ||
Title: | Negative value allocation vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1316 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16669 | |||
Oval ID: | oval:org.mitre.oval:def:16669 | ||
Title: | Invalid range check vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1322 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16682 | |||
Oval ID: | oval:org.mitre.oval:def:16682 | ||
Title: | Corrupt interface pointer vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1318 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16733 | |||
Oval ID: | oval:org.mitre.oval:def:16733 | ||
Title: | Incorrect NULL value handling vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1323 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16749 | |||
Oval ID: | oval:org.mitre.oval:def:16749 | ||
Title: | Return value handling vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1319 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
Definition Id: oval:org.mitre.oval:def:16765 | |||
Oval ID: | oval:org.mitre.oval:def:16765 | ||
Title: | Pointer handling vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1328 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 Microsoft Publisher 2007 Microsoft Publisher 2010 |
Definition Id: oval:org.mitre.oval:def:16776 | |||
Oval ID: | oval:org.mitre.oval:def:16776 | ||
Title: | Buffer overflow vulnerability in Microsoft Publisher - MS13-042 | ||
Description: | Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1320 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 3 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-05-16 | IAVM : 2013-A-0107 - Multiple Microsoft Publisher Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0037937 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-05-15 | Name : Microsoft Publisher, a component of Microsoft Office installed on the remote ... File : smb_nt_ms13-042.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-04-27 02:01:52 | |
2014-02-17 11:47:40 | |
2013-11-11 12:41:33 | |
2013-05-16 17:04:50 | |
2013-05-15 13:21:21 | |
2013-05-14 21:15:43 | |