CVE-2014-1759

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2003 SP3 through 2007 SP3

Description A remote code execution issue exists in Microsoft Publisher, related to the processing of specially crafted files. This allows an attacker to execute arbitrary code with the privileges of the current user. If the logged-on user has administrative rights, the attacker could gain complete control over the system, enabling them to install programs, view, change, or delete data, and create new accounts with full user rights.

Recommendations For Microsoft Publisher version 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Publisher version 2007 SP3, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of specially crafted .pub files until a patch is available.