Vulnerabilities > Microsoft > Publisher

DATE CVE VULNERABILITY TITLE RISK
2010-04-14 CVE-2010-0479 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Publisher 2002/2003/2007
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
network
microsoft CWE-119
critical
 9.3
9.3
2008-07-07 CVE-2008-3068 Remote Information Disclosure vulnerability in Microsoft Crypto API X.509 Certificate Validation
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
network
low complexity
microsoft
7.5
7.5
2008-02-12 CVE-2008-0104 Code Injection vulnerability in Microsoft Office and Publisher
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
network
microsoft CWE-94
critical
 9.3
9.3
2008-02-12 CVE-2008-0102 Resource Management Errors vulnerability in Microsoft Publisher 2000/2002/2003
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
network
low complexity
microsoft CWE-399
critical
 10.0
10
2007-12-27 CVE-2007-6534 Improper Input Validation vulnerability in Microsoft Publisher
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
network
microsoft CWE-20
6.8
6.8
2007-07-10 CVE-2007-1754 Resource Management Errors vulnerability in Microsoft Publisher 2007
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
network
microsoft CWE-399
critical
 9.3
9.3
2007-02-27 CVE-2007-1117 Remote Code Execution vulnerability in Microsoft Publisher 2007
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information.
network
low complexity
microsoft
critical
 10.0
10
2007-02-03 CVE-2007-0671 Remote Code Execution vulnerability in Microsoft Office Malformed String
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
network
microsoft
critical
 9.3
9.3
2006-10-10 CVE-2006-3877 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
network
microsoft CWE-94
critical
 9.3
9.3
2006-09-12 CVE-2006-0001 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Publisher
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
network
microsoft CWE-119
critical
 9.3
9.3