CVE-2010-2571

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2002 SP3 through 2003 SP3

Description A remote code execution issue exists in the way Microsoft Publisher opens Publisher files. This could be exploited by an attacker creating a specially crafted Publisher file, which could be sent as an email attachment or hosted on a compromised website, and then convincing a user to open the file. If the user has administrative rights, the attacker could gain complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights may be less affected.

Recommendations For Microsoft Publisher 2002 SP3, update to a version that is not affected by this issue. For Microsoft Publisher 2003 SP3, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the use of the pubconv.dll until a patch is available. Avoid opening specially crafted Publisher files from untrusted sources.