CVE-2010-2569

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2002 SP3 through 2007 SP2

Description The issue arises from the improper handling of an unspecified size field in certain older file formats by the pubconv.dll in Microsoft Publisher. This can lead to heap memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service. A remote code execution vulnerability exists in the way Microsoft Publisher parses Publisher files, which could be exploited by an attacker creating a specially crafted Publisher file. If successfully exploited, an attacker could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights, especially if the user has administrative rights.

Recommendations For Microsoft Publisher 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher 2007 SP2, update to a newer version to mitigate the risk.