Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Publisher vulnerability could allow remote code execution


Report ID: MS201112005
Date Published: 14 December 2011

Criticality: Important
Compromise Type: application-crash
Compromise From: local-system


Affected Product/Component:

Microsoft Publisher 2003
Microsoft Publisher 2007




Summary

Four vulnerabilities in Microsoft Publisher could each leads to remote code execution.



Detailed Description

Microsoft has issued a security update for Microsoft Publisher to address four reported vulnerabilities, each of which could allow an attacker to execute arbitrary code and take control of an affected system. The vulnerabilities exist due to improper memory handling involving the function pointers and memory values.

All of the reported issues have been addressed by correcting the way that Microsoft Publisher parses files. Users are recommended to install the latest update for applicable components as a protection against exploits on those vulnerabilities.



CVE Reference

CVE-2011-1508
CVE-2011-3410
CVE-2011-3411
CVE-2011-3412



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-091)



Online Virus Scanner

 
Run a quick online virus scan of your computer.