Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Publisher vulnerabilities could allow remote code execution


Report ID: MS201305006
Date Published: 15 May 2013

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Publisher 2003
Microsoft Publisher 2007
Microsoft Publisher 2010




Summary

Multiple vulnerabilities were discovered in Microsoft Publisher, each of which could allow an attacker to execute code on an affected system if successfully exploited.



Detailed Description

Microsoft has released a security update to address multiple vulnerabilities that were discovered in Microsoft Publisher. The vulnerabilities were caused by various errors and flaws when parsing Publisher files, but each of them could allow an attacker to execute arbitrary code and take control of a system if successfully exploited. 

The vulnerabilities have been patched through the latest update by correcting the way of parsing Publisher files. Users are recommended to install the update to their system as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-1316, CVE-2013-1317, CVE-2013-1318, CVE-2013-1319, CVE-2013-1320, CVE-2013-1321, CVE-2013-1322, CVE-2013-1323, CVE-2013-1327, CVE-2013-1328, CVE-2013-1329



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-042)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.