CVE-2008-0102
https://notcve.org/view.php?id=CVE-2008-0102
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." Vulnerabilidad no especificada de Microsoft Office Publisher 2000, 2002, y 2003 SP2 permite a atacantes remotos ejecutar código de su elección a través del fichero manipulado .pub, relativo a invalidad "valores de memoria", también conocido como "Publisher Invalid Memory Reference Vulnerability". • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28906 http://www.securityfocus.com/bid/27739 http://www.securitytracker.com/id?1019376 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0514/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5305 • CWE-399: Resource Management Errors •
CVE-2008-0104
https://notcve.org/view.php?id=CVE-2008-0104
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." Vulnerabilidad sin especificar en Microsoft Office Publisher 2000, 2002 y 2003 SP2. Permite a atacantes remotos ejecutar código de su elección a través de un archivo .pub manipulado, también conocido como "Publisher Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 http://secunia.com/advisories/28906 http://www.securityfocus.com/bid/27740 http://www.securitytracker.com/id?1019377 http://www.us-cert.gov/cas/techalerts/TA08-043C.html http://www.vupen.com/english/advisories/2008/0514/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4547 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-6534
https://notcve.org/view.php?id=CVE-2007-6534
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. Múltiples vulnerabilidades no especificadas en Microsoft Office Publisher permiten a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de aplicación) mediante un archivo PUB manipulado, posiblemente involucrando un wordart. • http://securityreason.com/securityalert/3490 http://www.securityfocus.com/archive/1/485456/100/0/threaded http://www.securityfocus.com/bid/26982 • CWE-20: Improper Input Validation •
CVE-2007-1754
https://notcve.org/view.php?id=CVE-2007-1754
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". La biblioteca PUBCONV.DLL en Microsoft Office Publisher 2007 no borra apropiadamente la memoria al transferir datos del disco a la memoria, lo que permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de una página .pub malformada mediante un valor negativo determinado, que omite un procedimiento de saneamiento que inicializa punteros críticos a NULL, también se conoce como la "Publisher Invalid Memory Reference Vulnerabilityā€¯. • http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html http://osvdb.org/35953 http://research.eeye.com/html/advisories/published/AD20070710.html http://secunia.com/advisories/25988 http://www.securityfocus.com/archive/1/473309/100/0/threaded http://www.securitytracker.com/id?1018353 http://www.us-cert.gov/cas/techalerts/TA07-191A.html http://www.vupen.com/english/advisories/2007/2479 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037 • CWE-399: Resource Management Errors •
CVE-2007-1117
https://notcve.org/view.php?id=CVE-2007-1117
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. Vulnerabilidad no especificada en Publisher 2007 en Microsoft Office 2007 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, relacionados con una "vulnerabilidad de formato de fichero". NOTA: Esta información se basa sobre una pre-consulta vaga sin la información accionable. • http://news.com.com/2100-1002_3-6161835.html http://osvdb.org/45264 http://research.eeye.com/html/advisories/upcoming/20070216.html http://www.securityfocus.com/bid/22702 •