CVE-2011-3410

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2003 SP3, 2007 SP2, 2007 SP3

Description A remote code execution issue exists in the way Microsoft Publisher parses Publisher files, allowing attackers to execute arbitrary code via a crafted file. This is due to incorrect handling of values in memory. An attacker could exploit this by creating a specially crafted Publisher file, which could be sent as an email attachment or hosted on a compromised website, and then convincing a user to open the file. If successfully exploited, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact is more significant for users with administrative rights.

Recommendations For Microsoft Publisher 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Publisher 2007 SP2, update to a version that includes the fix for this issue. For Microsoft Publisher 2007 SP3, update to a version that includes the fix for this issue.