Vulnerabilities > CVE-2014-1759 - Unspecified vulnerability in Microsoft Publisher 2003/2007

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus

Summary

pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Msbulletin

bulletin_idMS14-020
bulletin_url
date2014-04-08T00:00:00
impactRemote Code Execution
knowledgebase_id2950145
knowledgebase_url
severityImportant
titleVulnerability in Microsoft Publisher Could Allow Remote Code Execution

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS14-020.NASL
descriptionThe Publisher component of Microsoft Office installed on the remote host is affected by an arbitrary pointer dereference vulnerability. A remote attacker could exploit this issue by tricking a user into opening a specially crafted Publisher file. The attacker could then potentially run arbitrary code as the current user.
last seen2020-04-30
modified2014-04-08
plugin id73417
published2014-04-08
reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/73417
titleMS14-020: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID:66622 CVE ID:CVE-2014-1759 Publisher是微软Office办公软件套件中用于创建、个性化和共享各种出版物和营销材料的工具。 由于pubconv.dll的错误,攻击者可以利用漏洞破坏内存并导致一个无效的值通过一个特制的Publisher文件来解除引用的指针。 0 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2007 Microsoft Office Publisher 2003 Microsoft Office Publisher 2007 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://technet.microsoft.com/en-us/security/bulletin/ms14-020
idSSV:62094
last seen2017-11-19
modified2014-04-09
published2014-04-09
reporterRoot
titleMicrosoft Office Publisher转换指针引用漏洞