1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Microsoft Publisher vulnerability could allow remote code execution

Report ID: MS201112005
Date Published: 14 December 2011

Criticality: Important
Compromise Type: application-crash
Compromise From: local-system

Affected Product/Component:

Microsoft Publisher 2003
Microsoft Publisher 2007


Four vulnerabilities in Microsoft Publisher could each leads to remote code execution.

Detailed Description

Microsoft has issued a security update for Microsoft Publisher to address four reported vulnerabilities, each of which could allow an attacker to execute arbitrary code and take control of an affected system. The vulnerabilities exist due to improper memory handling involving the function pointers and memory values.

All of the reported issues have been addressed by correcting the way that Microsoft Publisher parses files. Users are recommended to install the latest update for applicable components as a protection against exploits on those vulnerabilities.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-091)

Online Virus Scanner

Run a quick online virus scan of your computer.