Vulnerabilities > Microsoft > Publisher > 2007
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-07 | CVE-2008-3068 | Remote Information Disclosure vulnerability in Microsoft Crypto API X.509 Certificate Validation Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | 7.5 |
2007-12-27 | CVE-2007-6534 | Improper Input Validation vulnerability in Microsoft Publisher Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. | 6.8 |
2007-07-10 | CVE-2007-1754 | Resource Management Errors vulnerability in Microsoft Publisher 2007 PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". | 9.3 |
2007-02-27 | CVE-2007-1117 | Remote Code Execution vulnerability in Microsoft Publisher 2007 Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. | 10.0 |