CVE-2008-0104

Name of the Vulnerable Software and Affected Versions Microsoft Office Publisher versions 2000 through 2003 SP2

Description The issue allows remote attackers to execute arbitrary code via a crafted .pub file. A remote code execution vulnerability exists in the way Microsoft Office Publisher validates memory index values. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) file. When a user views the .pub file, the vulnerability could allow remote code execution, potentially giving the attacker complete control of an affected system, including the ability to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Publisher versions 2000 through 2003 SP2, consider avoiding the use of .pub files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the vulnerable component that handles .pub files to minimize the risk of exploitation.