CVSS: 10.0EPSS: 62%CPEs: 4EXPL: 0CVE-2010-0479 – Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-0479
13 Apr 2010 — Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." Desbordamiento del búfer en Microsoft Office Publisher 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 permite a atacantes remotos ejecutar codigo de su elección a través de un fichero Publisher manipulado, conocido como "Microsoft Office Publisher File Con... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 48%CPEs: 1EXPL: 0CVE-2009-0566
https://notcve.org/view.php?id=CVE-2009-0566
15 Jul 2009 — Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." Microsoft Office Publisher 2007 SP1 no calcula adecuadamente los datos de manejo del objeto (object handler data) para los archivos de Publisher, lo que permite a atacantes remotos ejecutar código de su elección a través de un archivo mani... • http://osvdb.org/55838 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 0CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
07 Jul 2008 — Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como la... • http://securityreason.com/securityalert/3978 •
CVSS: 7.1EPSS: 20%CPEs: 5EXPL: 0CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
27 Dec 2007 — Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 62%CPEs: 1EXPL: 0CVE-2007-1754
https://notcve.org/view.php?id=CVE-2007-1754
10 Jul 2007 — PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del ... • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 39%CPEs: 1EXPL: 0CVE-2007-1117
https://notcve.org/view.php?id=CVE-2007-1117
27 Feb 2007 — Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. Vulnerabilidad no especificada en Publisher 2007 en Microsoft Office 2007 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, relacionados co... • http://news.com.com/2100-1002_3-6161835.html •