Vulnerabilities > CVE-2013-1327 - Numeric Errors vulnerability in Microsoft Publisher 2003
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS13-042 |
bulletin_url | |
date | 2013-05-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2830397 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS13-042.NASL |
description | The Publisher component of Microsoft Office installed on the remote host is affected by multiple vulnerabilities : - The application has a negative value allocation vulnerability. (CVE-2013-1316) - The application has an integer overflow vulnerability. (CVE-2013-1317) - The application has a corrupt interface pointer vulnerability. (CVE-2013-1318) - The application has a return value handling vulnerability. (CVE-2013-1319) - The application has a buffer overflow vulnerability. (CVE-2013-1320) - The application has a return value validation vulnerability. (CVE-2013-1321) - The application has an invalid range check vulnerability. (CVE-2013-1322) - The application has an incorrect NULL value handling vulnerability. (CVE-2013-1323) - The application has a signed integer vulnerability. (CVE-2013-1327) - The application has a pointer handling vulnerability. (CVE-2013-1328) - The application has a buffer underflow vulnerability. (CVE-2013-1329) A remote attacker could exploit these by tricking a user into opening a specially crafted Publisher file, resulting in remote code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66417 |
published | 2013-05-15 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/66417 |
title | MS13-042: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) |
code |
|
Oval
accepted | 2014-08-18T04:01:34.818-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16355 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-05-17T11:17:16 | ||||||||||||
title | Signed integer vulnerability in Microsoft Publisher - MS13-042 | ||||||||||||
version | 12 |