TITLE: Microsoft Publisher Code Execution Vulnerability SECUNIA ADVISORY ID: SA21863
VERIFY ADVISORY: http://secunia.com/advisories/21863/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Office 2000 http://secunia.com/product/24/ Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Publisher 2000 http://secunia.com/product/29/ Microsoft Publisher 2002 http://secunia.com/product/30/ Microsoft Publisher 2003 http://secunia.com/product/10986/ DESCRIPTION: A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a memory corruption error in Publisher when parsing ".pub" files with malformed strings and can be exploited via a specially crafted document. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=461A126B-596F-4E84-99FD-03554AC55213 Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=0356B9FB-2CD5-4A50-95F6-54846D39B6EA Microsoft Office 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=2EEB43F1-E2B6-4B78-98A1-E8B04242438A ORIGINAL ADVISORY: MS06-054 (KB910729): http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
