CVE-2016-7289

Name of the Vulnerable Software and Affected Versions Microsoft Publisher 2010 SP2 Microsoft Office (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted document. Multiple remote code execution vulnerabilities exist in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Publisher 2010 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Office, avoid opening specially crafted files with affected versions of Microsoft Office software until a patch is available. Restrict user rights on the system to minimize the risk of exploitation.