<< Back
CVE Number Vulnerability Product Severity Date
MS10-103 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970) Microsoft Office Critical 15-12-2010

Technical Information

Brief overview of the risk:
This security update resolves five privately reported vulnerabilities in Microsoft Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Further information on this exploit is available at : MS10-103

Affected Software

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 (64-bit editions)