F-Secure
Tools
Microsoft Office Publisher Pointer Dereference Vulnerability
| Report ID: | SA200903396 |
| Source: | Secunia |
| Date of Discovery: | 14.07.2009 |
| Criticality: | Urgent |
| Affects: | Microsoft Office 2007 Microsoft Office Publisher 2007 |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
A vulnerability has been reported in Microsoft Office Publisher, which can be exploited by malicious people to compromise a user's system.
Detailed Description
The vulnerability is caused due to an error in calculating object handler data when opening files created in older versions of Publisher. This can be exploited to corrupt memory and cause an invalid value to be dereferenced as a pointer via a specially crafted Publisher file.
Successful exploitation allows execution of arbitrary code.
Successful exploitation allows execution of arbitrary code.
Solution
Apply patches.
Microsoft Office Publisher 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=d4b0665d-5744-49c7-a3c0-f231fd08d3b8
Microsoft Office Publisher 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=d4b0665d-5744-49c7-a3c0-f231fd08d3b8