CVE-2013-1328

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2003 SP3, 2007 SP3, and 2010 SP1

Description A remote code execution issue exists in the way Microsoft Publisher parses Publisher files, allowing attackers to execute arbitrary code via a crafted file. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative rights.

Recommendations For Microsoft Publisher 2003 SP3, update to a version that fixes the pointer handling issue. For Microsoft Publisher 2007 SP3, update to a version that fixes the pointer handling issue. For Microsoft Publisher 2010 SP1, update to a version that fixes the pointer handling issue.