CVE-2008-0119

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier

Description The issue allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption. A remote code execution vulnerability exists in the way Microsoft Publisher validates object header data. An attacker could exploit the vulnerability by sending a specially crafted Publisher file, which could be included as an e-mail attachment or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Publisher versions in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.