Vulnerabilities > CVE-2014-1759 - Remote Code Execution vulnerability in Microsoft Publisher 2003/2007
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Msbulletin
| bulletin_id | MS14-020 |
| bulletin_url | |
| date | 2014-04-08T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2950145 |
| knowledgebase_url | |
| severity | Important |
| title | Vulnerability in Microsoft Publisher Could Allow Remote Code Execution |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS14-020.NASL |
| description | The Publisher component of Microsoft Office installed on the remote host is affected by an arbitrary pointer dereference vulnerability. A remote attacker could exploit this issue by tricking a user into opening a specially crafted Publisher file. The attacker could then potentially run arbitrary code as the current user. |
| last seen | 2020-04-30 |
| modified | 2014-04-08 |
| plugin id | 73417 |
| published | 2014-04-08 |
| reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/73417 |
| title | MS14-020: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145) |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID:66622 CVE ID:CVE-2014-1759 Publisher是微软Office办公软件套件中用于创建、个性化和共享各种出版物和营销材料的工具。 由于pubconv.dll的错误,攻击者可以利用漏洞破坏内存并导致一个无效的值通过一个特制的Publisher文件来解除引用的指针。 0 Microsoft Office 2003 Professional Edition Microsoft Office 2003 Small Business Edition Microsoft Office 2003 Standard Edition Microsoft Office 2003 Student and Teacher Edition Microsoft Office 2007 Microsoft Office Publisher 2003 Microsoft Office Publisher 2007 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://technet.microsoft.com/en-us/security/bulletin/ms14-020 |
| id | SSV:62094 |
| last seen | 2017-11-19 |
| modified | 2014-04-09 |
| published | 2014-04-09 |
| reporter | Root |
| title | Microsoft Office Publisher转换指针引用漏洞 |