CVE-2008-0102

Name of the Vulnerable Software and Affected Versions Microsoft Office Publisher versions 2000 through 2003 SP2

Description The issue allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid memory values. A remote code execution vulnerability exists in the way Microsoft Office Publisher validates application data when loading Publisher files to memory. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) file. When a user views the .pub file, the vulnerability could allow remote code execution, potentially giving the attacker complete control of an affected system, including the ability to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office Publisher versions 2000 through 2003 SP2, consider avoiding the use of .pub files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the memory values validation component to minimize the risk of exploitation.