The good folks over at Secunia have the skinny on a “highly critical” problem with Microsoft Publisher. From their site:
Description:
A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a memory corruption error in Publisher when parsing “.pub” files with malformed strings and can be exploited via a specially crafted document.
Successful exploitation allows execution of arbitrary code.
Solution:
Apply patches.
Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/de…=461A126B-596F-4E84-99FD-03554AC55213
Microsoft Office XP SP3:
http://www.microsoft.com/downloads/de…=0356B9FB-2CD5-4A50-95F6-54846D39B6EA
Microsoft Office 2003 SP1/SP2:
http://www.microsoft.com/downloads/de…=2EEB43F1-E2B6-4B78-98A1-E8B04242438A
[tags]Microsoft Publisher, Code Execution Vulnerability, Remote Exploit, Secunia[/tags]
