Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-04-14 |
| Product | Publisher | Last view | 2014-04-08 |
| Version | 2003 | Type | Application |
| Update | sp3 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:publisher | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2014-04-08 | CVE-2014-1759 | pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1329 | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1328 | Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1327 | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1323 | Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability." |
| 10 | 2013-05-14 | CVE-2013-1322 | Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1321 | Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability." |
| 10 | 2013-05-14 | CVE-2013-1320 | Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability." |
| 10 | 2013-05-14 | CVE-2013-1319 | Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability." |
| 10 | 2013-05-14 | CVE-2013-1318 | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1317 | Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability." |
| 9.3 | 2013-05-14 | CVE-2013-1316 | Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability." |
| 9.3 | 2011-12-13 | CVE-2011-3412 | Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability." |
| 9.3 | 2011-12-13 | CVE-2011-3411 | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability." |
| 9.3 | 2011-12-13 | CVE-2011-3410 | Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability." |
| 9.3 | 2011-12-13 | CVE-2011-1508 | Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability." |
| 9.3 | 2010-12-16 | CVE-2010-3954 | Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability." |
| 9.3 | 2010-12-16 | CVE-2010-2571 | Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability." |
| 9.3 | 2010-12-16 | CVE-2010-2570 | Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability." |
| 9.3 | 2010-12-16 | CVE-2010-2569 | pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability." |
| 9.3 | 2010-04-14 | CVE-2010-0479 | Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 29% (5) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 29% (5) | CWE-20 | Improper Input Validation |
| 23% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (2) | CWE-189 | Numeric Errors |
| 5% (1) | CWE-190 | Integer Overflow or Wraparound |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Publisher File Conversion Textbox buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77672 | Microsoft Office Publisher Unspecified Publisher File Handling Remote Memory ... |
| 77671 | Microsoft Office Publisher Invalid Pointer Publisher File Handling Remote Mem... |
| 77670 | Microsoft Office Publisher Array Indexing Publisher File Handling Remote Memo... |
| 76460 | Microsoft Office Publisher pubconv.dll .pub File Handling Overflow |
| 69814 | Microsoft Office Publisher Malformed PUB File Handling Memory Corruption |
| 69813 | Microsoft Office Publisher pubconv.dll Array Indexing Memory Corruption |
| 69812 | Microsoft Office Publisher pubconv.dll Unspecified Heap Overrun |
| 69811 | Microsoft Office Publisher pubconv.dll Size Value Handling Heap Corruption |
| 63748 | Microsoft Office Publisher 97 File Conversion TextBox Processing Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-12-14 | Name : Microsoft Publisher Remote Code Execution Vulnerabilities (2607702) File : nvt/secpod_ms11-091.nasl |
| 2010-12-15 | Name : Microsoft Publisher Remote Code Execution Vulnerability (2292970) File : nvt/secpod_ms10-103.nasl |
| 2010-04-14 | Name : Microsoft Office Publisher Remote Code Execution Vulnerability (981160) File : nvt/secpod_ms10-023.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2014-A-0050 | Microsoft Publisher Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0048679 |
| 2013-A-0107 | Multiple Microsoft Publisher Remote Code Execution Vulnerabilities Severity: Category II - VMSKEY: V0037937 |
| 2010-A-0171 | Microsoft Office Publisher Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0025844 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-04-13 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 49432 - Type : FILE-OFFICE - Revision : 1 |
| 2019-04-13 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 49431 - Type : FILE-OFFICE - Revision : 2 |
| 2019-03-14 | Microsoft Office Publisher Opltc memory corruption attempt RuleID : 49183 - Type : FILE-OFFICE - Revision : 2 |
| 2019-03-14 | Microsoft Office Publisher Opltc memory corruption attempt RuleID : 49182 - Type : FILE-OFFICE - Revision : 2 |
| 2016-04-05 | Microsoft Office Publisher tyo.oty field heap overflow attempt RuleID : 37921 - Type : FILE-OFFICE - Revision : 1 |
| 2016-04-05 | Microsoft Office Publisher pubconv.dll corruption attempt RuleID : 37920 - Type : FILE-OFFICE - Revision : 1 |
| 2015-02-05 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 32961 - Type : FILE-OFFICE - Revision : 4 |
| 2015-02-05 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 32960 - Type : FILE-OFFICE - Revision : 3 |
| 2014-01-10 | Microsoft Office Publisher Opltc memory corruption attempt RuleID : 21423 - Type : FILE-OFFICE - Revision : 13 |
| 2014-01-10 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 21243 - Type : FILE-OFFICE - Revision : 12 |
| 2014-01-10 | Microsoft Office Publisher PLC object memory corruption attempt RuleID : 20721 - Type : FILE-OFFICE - Revision : 14 |
| 2014-01-10 | Microsoft Office Publisher 2003 EscherStm memory corruption attempt RuleID : 20720 - Type : FILE-OFFICE - Revision : 16 |
| 2014-01-10 | Microsoft Office Publisher Opltc memory corruption attempt RuleID : 20719 - Type : FILE-OFFICE - Revision : 12 |
| 2014-01-10 | Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt RuleID : 19414 - Type : FILE-OFFICE - Revision : 15 |
| 2014-01-10 | Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt RuleID : 19413 - Type : FILE-OFFICE - Revision : 16 |
| 2014-01-10 | Microsoft Office Publisher pubconv.dll corruption attempt RuleID : 19306 - Type : FILE-OFFICE - Revision : 14 |
| 2014-01-10 | Microsoft Office Publisher memory corruption attempt RuleID : 18230 - Type : FILE-OFFICE - Revision : 14 |
| 2014-01-10 | Microsoft Office Publisher 97 conversion remote code execution attempt RuleID : 18214 - Type : FILE-OFFICE - Revision : 15 |
| 2014-01-10 | Microsoft Office Publisher column and row remote code execution attempt RuleID : 18213 - Type : FILE-OFFICE - Revision : 10 |
| 2014-01-10 | Microsoft Office Publisher tyo.oty field heap overflow attempt RuleID : 18212 - Type : FILE-OFFICE - Revision : 18 |
| 2014-01-10 | Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt RuleID : 16542 - Type : FILE-OFFICE - Revision : 20 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-04-08 | Name: Microsoft Publisher, a component of Microsoft Office installed on the remote ... File: smb_nt_ms14-020.nasl - Type: ACT_GATHER_INFO |
| 2013-05-15 | Name: Microsoft Publisher, a component of Microsoft Office installed on the remote ... File: smb_nt_ms13-042.nasl - Type: ACT_GATHER_INFO |
| 2011-12-13 | Name: The version of Microsoft Office installed on the remote host has multiple vul... File: smb_nt_ms11-091.nasl - Type: ACT_GATHER_INFO |
| 2010-12-15 | Name: The version of Microsoft Office installed on the remote host has multiple mem... File: smb_nt_ms10-103.nasl - Type: ACT_GATHER_INFO |
| 2010-04-13 | Name: The version of Microsoft Office installed on the remote host has a buffer ove... File: smb_nt_ms10-023.nasl - Type: ACT_GATHER_INFO |
