PT-2013-3084 · Microsoft · Office Publisher

Published

2013-05-14

Updated

2018-10-12

CVE-2013-1328

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2003 SP3, 2007 SP3, and 2010 SP1

Description A remote code execution issue exists in the way Microsoft Publisher parses Publisher files, allowing attackers to execute arbitrary code via a crafted file. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights compared to those operating with administrative rights.

Recommendations For Microsoft Publisher 2003 SP3, update to a version that fixes the pointer handling issue. For Microsoft Publisher 2007 SP3, update to a version that fixes the pointer handling issue. For Microsoft Publisher 2010 SP1, update to a version that fixes the pointer handling issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-1328

Affected Products

Office Publisher

PT-2013-3084 · Microsoft · Office Publisher

CVE-2013-1328

Related Identifiers

Affected Products

References · 7