Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19845
HistoryMay 14, 2008 - 12:00 a.m.

Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability

2008-05-1400:00:00
vulners.com
9

/********************************************************************************************
Please join us to pray for the people still in the huge earthquake in
eastern Sichuan, China.
*********************************************************************************************/

Microsoft Office Publisher PUB File Parsing Remote Memory Corruption
Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net

Summary:

A memory corruption vulnerability exists in Microsoft Office

Publisher while it is parsing PUB file. An attacker who successfully
exploit this vulnerability can execute arbitrary code on the affected
system.

Affected Software Versions:

Microsoft Office Publisher 2007 0
Microsoft Office Publisher 2003 SP3
Microsoft Office Publisher 2003 SP2
Microsoft Office Publisher 2002 SP3
Microsoft Office Publisher 2000 SP3
Microsoft Office Publisher 2007 SP1

Details:

Currently there is no details released.

Solution:

Microsoft has released an advisory for this vulnerability which is

available on:

http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx

CVE Information:

CVE-2008-0119

Disclosure Timeline:

2007.12.10        Vendor notified
2007.12.10        Vendor responded
2008.05.13        Coordinated public disclosure             

–EOF–