CVE-2010-0479

Name of the Vulnerable Software and Affected Versions Microsoft Office Publisher versions 2002 SP3, 2003 SP3, and 2007 SP1 and SP2

Description A remote code execution issue exists in the way Microsoft Office Publisher opens Publisher files. An attacker could exploit this by creating a specially crafted Publisher file, which could be sent as an e-mail attachment or hosted on a specially crafted or compromised website, and then convincing the user to open the file. If a user is logged on with administrative rights, a successful exploitation could allow an attacker to take complete control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less affected than those operating with administrative rights.

Recommendations For Microsoft Office Publisher 2002 SP3, update to a version that includes the fix for this issue. For Microsoft Office Publisher 2003 SP3, update to a version that includes the fix for this issue. For Microsoft Office Publisher 2007 SP1 and SP2, update to a version that includes the fix for this issue.