TITLE:
Microsoft Office Publisher Invalid Memory Reference
Vulnerability
SECUNIA ADVISORY ID:
SA25988
VERIFY ADVISORY:
http://secunia.c
om/advisories/25988/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Office Publisher 2007
http://secunia.com/
product/14162/
Microsoft Office 2007
http://secunia.com/
product/13228/
DESCRIPTION:
A vulnerability has been reported in Microsoft Office
Publisher
2007,
which can be exploited by malicious people to compromise a
user's
system.
The vulnerability is caused due to the application not
properly
validating memory values when writing application data from
disk to
memory. This can be exploited by tricking a user into
viewing a
specially crafted Publisher (.pub) page.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Apply patches.
Microsoft Office Publisher 2007:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=25D272E7-F2DD-4342-92B
E-7EBC2E770B44
ORIGINAL ADVISORY:
MS07-037 (KB936548):
http://www.microsoft.com/technet/security/Bullet
in/MS07-037.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
