Microsoft Publisher vulnerabilities could allow remote code execution
Report ID: MS201305006
Date Published: 15 May 2013
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Publisher 2003
Microsoft Publisher 2007
Microsoft Publisher 2010
Summary
Multiple vulnerabilities were discovered in Microsoft Publisher, each of which could allow an attacker to execute code on an affected system if successfully exploited.
Detailed Description
Microsoft has released a security update to address multiple vulnerabilities that were discovered in Microsoft Publisher. The vulnerabilities were caused by various errors and flaws when parsing Publisher files, but each of them could allow an attacker to execute arbitrary code and take control of a system if successfully exploited.
The vulnerabilities have been patched through the latest update by correcting the way of parsing Publisher files. Users are recommended to install the update to their system as a protection measure against possible exploit attempts.
CVE Reference
CVE-2013-1316, CVE-2013-1317, CVE-2013-1318, CVE-2013-1319, CVE-2013-1320, CVE-2013-1321, CVE-2013-1322, CVE-2013-1323, CVE-2013-1327, CVE-2013-1328, CVE-2013-1329
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-042)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
