CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS07-037 | Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) | 2007 Microsoft | Critical | 11-07-2007 |
Technical Information
Brief overview of the risk:
This vulnerability could allow remote code execution if a user viewed a specially crafted Microsoft Office Publisher file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. User interaction is required to exploit this vulnerability.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way Publisher does not adequately clear out memory resources when writing application data from disk to memory. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) page. When a user views the .pub page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.Further information on this exploit is available at : MS07-037