CVSS: 9.3EPSS: 58%CPEs: 2EXPL: 0CVE-2010-2571
https://notcve.org/view.php?id=CVE-2010-2571
16 Dec 2010 — Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability." Error de índice de matriz en pubconv.dll (también conocido como Publisher Converter DLL) en Microsoft Publisher 2002 Service Pack 3 y Service Pack 3 de 2003 permite a atacantes remotos ejecutar código de su elección a través de un ... • http://www.securitytracker.com/id?1024885 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 62%CPEs: 4EXPL: 0CVE-2010-0479 – Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-0479
13 Apr 2010 — Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability." Desbordamiento del búfer en Microsoft Office Publisher 2002 SP3, 2003 SP3, y 2007 SP1 y SP2 permite a atacantes remotos ejecutar codigo de su elección a través de un fichero Publisher manipulado, conocido como "Microsoft Office Publisher File Con... • http://www.us-cert.gov/cas/techalerts/TA10-103A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 2%CPEs: 30EXPL: 0CVE-2009-3731
https://notcve.org/view.php?id=CVE-2009-3731
16 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) ... • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 48%CPEs: 1EXPL: 0CVE-2009-0566
https://notcve.org/view.php?id=CVE-2009-0566
15 Jul 2009 — Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." Microsoft Office Publisher 2007 SP1 no calcula adecuadamente los datos de manejo del objeto (object handler data) para los archivos de Publisher, lo que permite a atacantes remotos ejecutar código de su elección a través de un archivo mani... • http://osvdb.org/55838 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 0CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
07 Jul 2008 — Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como la... • http://securityreason.com/securityalert/3978 •
CVSS: 10.0EPSS: 59%CPEs: 3EXPL: 0CVE-2008-0102
https://notcve.org/view.php?id=CVE-2008-0102
12 Feb 2008 — Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." Vulnerabilidad no especificada de Microsoft Office Publisher 2000, 2002, y 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través del fichero manipulado .pub, relativo a invalidad "valores de memoria", también conocido como "Publisher Invalid... • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 48%CPEs: 4EXPL: 0CVE-2008-0104
https://notcve.org/view.php?id=CVE-2008-0104
12 Feb 2008 — Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Office Publisher 2000, 2002 y 2003 SP2. Permite a atacantes remotos ejecutar código de su elección a través de un archivo .pub manipulado, también conocido como "Publisher Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 20%CPEs: 5EXPL: 0CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
27 Dec 2007 — Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 62%CPEs: 1EXPL: 0CVE-2007-1754
https://notcve.org/view.php?id=CVE-2007-1754
10 Jul 2007 — PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del ... • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 39%CPEs: 1EXPL: 0CVE-2007-1117
https://notcve.org/view.php?id=CVE-2007-1117
27 Feb 2007 — Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. Vulnerabilidad no especificada en Publisher 2007 en Microsoft Office 2007 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, relacionados co... • http://news.com.com/2100-1002_3-6161835.html •