Vulnerabilities > CVE-2013-1329 - Numeric Errors vulnerability in Microsoft Publisher 2003
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS13-042 |
bulletin_url | |
date | 2013-05-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2830397 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS13-042.NASL |
description | The Publisher component of Microsoft Office installed on the remote host is affected by multiple vulnerabilities : - The application has a negative value allocation vulnerability. (CVE-2013-1316) - The application has an integer overflow vulnerability. (CVE-2013-1317) - The application has a corrupt interface pointer vulnerability. (CVE-2013-1318) - The application has a return value handling vulnerability. (CVE-2013-1319) - The application has a buffer overflow vulnerability. (CVE-2013-1320) - The application has a return value validation vulnerability. (CVE-2013-1321) - The application has an invalid range check vulnerability. (CVE-2013-1322) - The application has an incorrect NULL value handling vulnerability. (CVE-2013-1323) - The application has a signed integer vulnerability. (CVE-2013-1327) - The application has a pointer handling vulnerability. (CVE-2013-1328) - The application has a buffer underflow vulnerability. (CVE-2013-1329) A remote attacker could exploit these by tricking a user into opening a specially crafted Publisher file, resulting in remote code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66417 |
published | 2013-05-15 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/66417 |
title | MS13-042: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) |
code |
|
Oval
accepted | 2014-08-18T04:01:41.864-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16554 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-05-17T11:17:16 | ||||||||||||
title | Buffer underflow vulnerability in Microsoft Publisher - CVE-2013-1329 - MS13-042 | ||||||||||||
version | 12 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 59772 CVE(CAN) ID: CVE-2013-1329 Microsoft Publisher是微软公司发行的桌面出版应用软件。 Microsoft Publisher 分析 Publisher 文件的方式中存在多个远程执行代码漏洞。成功利用任一漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 0 Microsoft Office 2003 Microsoft Office 2010 Microsoft Office 2007 Microsoft Publisher 2010 Microsoft Publisher 2003 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: * 不要打开来自可疑源的Publisher文件或意外接收到受信任源的Publisher文件。这些漏洞会在用户打开特制的文件时被利用。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS13-042)以及相应补丁: MS13-042:Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) 链接:http://technet.microsoft.com/security/bulletin/MS13-042 |
id | SSV:60792 |
last seen | 2017-11-19 |
modified | 2013-05-17 |
published | 2013-05-17 |
reporter | Root |
title | Microsoft Publisher 远程代码执行漏洞(CVE-2013-1329)(MS13-042) |