<< Back
CVE Number Vulnerability Product Severity Date
MS11-091 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702) Microsoft Office Important 14-12-2011

Technical Information

Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to insert this specially crafted Publisher file into another Publisher document. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Further information on this exploit is available at : MS11-091

Affected Software

Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2007 Service Pack 3