CVE-2010-3955

Name of the Vulnerable Software and Affected Versions Microsoft Publisher 2002 SP3

Description The issue allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format. A remote code execution vulnerability exists in the way that Microsoft Publisher opens Publisher files. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site, and then convincing the user to open the specially crafted Publisher file. If a user were logged on with administrative user rights, an attacker who successfully exploited this issue could take complete control of an affected system.

Recommendations For Microsoft Publisher 2002 SP3, at the moment, there is no information about a newer version that contains a fix for this issue.