CVE-2013-1327

Name of the Vulnerable Software and Affected Versions Microsoft Publisher version 2003 SP3

Description The issue is related to an integer signedness error that allows remote attackers to execute arbitrary code via a crafted Publisher file, triggering an improper memory allocation. This is a remote code execution vulnerability that exists in the way Microsoft Publisher parses Publisher files. If successfully exploited, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with fewer user rights on the system compared to those operating with administrative user rights.

Recommendations For Microsoft Publisher version 2003 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.