Microsoft Publisher vulnerability could allow remote code execution
Report ID: MS201112005
Date Published: 14 December 2011
Compromise Type: application-crash
Compromise From: local-system
Microsoft Publisher 2003
Microsoft Publisher 2007
Four vulnerabilities in Microsoft Publisher could each leads to remote code execution.
Microsoft has issued a security update for Microsoft Publisher to address four reported vulnerabilities, each of which could allow an attacker to execute arbitrary code and take control of an affected system. The vulnerabilities exist due to improper memory handling involving the function pointers and memory values.
All of the reported issues have been addressed by correcting the way that Microsoft Publisher parses files. Users are recommended to install the latest update for applicable components as a protection against exploits on those vulnerabilities.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-091)