CVE-2010-3954

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2002 SP3, 2003 SP3, and 2010

Description A remote code execution issue exists in the way Microsoft Publisher opens Publisher files. An attacker could exploit this by creating a specially crafted Publisher file, which could be sent as an email attachment or hosted on a compromised website, and then convincing the user to open the file. If successfully exploited, an attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those with administrative rights.

Recommendations For Microsoft Publisher 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher 2010, update to a newer version to mitigate the risk.