PT-2013-3074 · Microsoft · Office Publisher

Will Dormann

Published

2013-05-14

Updated

2018-10-12

CVE-2013-1317

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Publisher version 2003 SP3

Description The issue allows remote attackers to execute arbitrary code via a crafted Publisher file, potentially leading to complete control of an affected system. This could enable an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Publisher version 2003 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2013-1317

Affected Products

Office Publisher

PT-2013-3074 · Microsoft · Office Publisher

CVE-2013-1317

Weakness Enumeration

Related Identifiers

Affected Products

References · 7