CVE-2013-1329

Name of the Vulnerable Software and Affected Versions Microsoft Publisher version 2003 SP3

Description The issue is related to an integer signedness error that allows remote attackers to execute arbitrary code via a crafted Publisher file, triggering a buffer underflow. This vulnerability enables remote code execution when Microsoft Publisher parses Publisher files, potentially allowing an attacker to take complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with limited user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Publisher version 2003 SP3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.