| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-022 | Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169) | Microsoft Office | Critical | 14-04-2010 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that Microsoft Office Publisher opens Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file.
Further information on this exploit is available at : MS10-023
Affected Software
Microsoft Office Publisher 2002 Service Pack 3Microsoft Office Publisher 2003 Service Pack 3
Microsoft Office Publisher 2007 Service Pack 1
Microsoft Office Publisher 2007 Service Pack 2