CVE-2006-0001

Name of the Vulnerable Software and Affected Versions: Microsoft Publisher versions 2000 through 2003

Description: A stack-based buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. This is related to a remote code execution issue that occurs when Publisher parses a file with a malformed string.

Recommendations: For Microsoft Publisher versions 2000 through 2003, consider avoiding the use of crafted PUB files until a patch is available. As a temporary workaround, restrict the parsing of fonts from untrusted sources to minimize the risk of exploitation.