CVSS: 10.0EPSS: 82%CPEs: 4EXPL: 0CVE-2010-0479 – Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-0479
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." Desbordamiento del búfer en Microsoft Office Publisher 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 permite a atacantes remotos ejecutar codigo de su elección a través de un fichero Publisher manipulado, conocido como "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file. The specific flaw exists within the code responsible for converting files from the Publisher 97 format. While processing a TextBox item, several programming errors can be triggered allowing a maliciously created publisher file to execute arbitrary code under the context of the user opening the file. • http://www.us-cert.gov/cas/techalerts/TA10-103A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-023 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7141 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 56%CPEs: 1EXPL: 0CVE-2009-0566
https://notcve.org/view.php?id=CVE-2009-0566
Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." Microsoft Office Publisher 2007 SP1 no calcula adecuadamente los datos de manejo del objeto (object handler data) para los archivos de Publisher, lo que permite a atacantes remotos ejecutar código de su elección a través de un archivo manipulado en un formato heredado que provoca una corrupción de memoria. También concido como "Vulnerabilidad de Deferencia de Puntero". • http://osvdb.org/55838 http://www.securityfocus.com/bid/35599 http://www.securitytracker.com/id?1022546 http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://www.vupen.com/english/advisories/2009/1888 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6285 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 4%CPEs: 23EXPL: 0CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como las usadas en Outlook, Windows Live Mail, y Office 2007, realiza una lista de revocación de certificado (CRL) utilizando una URL arbitraria de un certificado incluido en (1) mensaje de correo electrónico S/MIME o (2) documento firmado, lo que permite a atacantes remotos conseguir tiempos de lectura y direcciones IP de recipientes, y resultados de escaneo de puerto, a través de un certificado manipulado con una extensión de de una Authority Information Access (AIA). • http://securityreason.com/securityalert/3978 http://www.securityfocus.com/archive/1/493947/100/0/threaded http://www.securityfocus.com/archive/1/494101/100/0/threaded http://www.securityfocus.com/bid/28548 http://www.securitytracker.com/id?1019736 http://www.securitytracker.com/id?1019737 http://www.securitytracker.com/id?1019738 https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt https://www.cynops.de/advisories/AK •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 http://www.securityfocus.com/archive/1/485456/100/0/threaded http://www.securityfocus.com/bid/26982 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 89%CPEs: 1EXPL: 0CVE-2007-1754
https://notcve.org/view.php?id=CVE-2007-1754
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del disco a la memoria, lo que permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una página .pub malformada mediante un valor negativo determinado, que omite un procedimiento de saneamiento que inicializa punteros críticos a NULL, también se conoce como la "Publisher Invalid Memory Reference Vulnerabilityā€¯. • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35953 http://research.eeye.com/html/advisories/published/AD20070710.html http://secunia.com/advisories/25988 http://www.securityfocus.com/archive/1/473309/100/0/threaded http://www.securitytracker.com/id?1018353 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2479 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037 • CWE-399: Resource Management Errors •