TITLE:
Microsoft Publisher Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA21863
VERIFY ADVISORY:
http://secunia.c
om/advisories/21863/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Office 2000
http://secunia.com/pro
duct/24/
Microsoft Office 2003 Professional Edition
http://secunia.com/p
roduct/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/p
roduct/2277/
Microsoft Office 2003 Standard Edition
http://secunia.com/p
roduct/2275/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/p
roduct/2278/
Microsoft Office XP
http://secunia.com/pro
duct/23/
Microsoft Publisher 2000
http://secunia.com/pro
duct/29/
Microsoft Publisher 2002
http://secunia.com/pro
duct/30/
Microsoft Publisher 2003
http://secunia.com/
product/10986/
DESCRIPTION:
A vulnerability has been reported in Microsoft Publisher,
which
can
be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to a memory corruption error
in
Publisher when parsing ".pub" files with
malformed strings and
can be
exploited via a specially crafted document.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Apply patches.
Microsoft Office 2000 SP3:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=461A126B-596F-4E84-99F
D-03554AC55213
Microsoft Office XP SP3:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0356B9FB-2CD5-4A50-95F
6-54846D39B6EA
Microsoft Office 2003 SP1/SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=2EEB43F1-E2B6-4B78-98A
1-E8B04242438A
ORIGINAL ADVISORY:
MS06-054 (KB910729):
http://www.microsoft.com/technet/security/Bullet
in/MS06-054.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|