CVE-2011-3412

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2003 SP3, 2007 SP2, 2007 SP3

Description A remote code execution issue exists due to incorrect memory handling when parsing Publisher files. An attacker can exploit this by creating a specially crafted Publisher file, which could be sent as an email attachment or hosted on a compromised website, and convincing a user to open it. Successful exploitation could allow an attacker to take complete control of an affected system, especially if the user has administrative rights, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Publisher 2003 SP3, update to a version that is not affected by this issue. For Microsoft Publisher 2007 SP2, update to a version that is not affected by this issue. For Microsoft Publisher 2007 SP3, update to a version that is not affected by this issue.