CVE-2017-8725

Name of the Vulnerable Software and Affected Versions Microsoft Publisher versions 2007 Service Pack 3 through 2010 Service Pack 2

Description A remote code execution issue exists due to improper handling of objects in memory. This could allow a remote attacker to execute arbitrary code using specially crafted content. Exploitation requires a user to open a specially crafted file with an affected version of the software.

Recommendations For Microsoft Publisher 2007 Service Pack 3, update to a version that properly handles objects in memory to prevent remote code execution. For Microsoft Publisher 2010 Service Pack 2, update to a version that properly handles objects in memory to prevent remote code execution. As a temporary workaround, consider avoiding the use of specially crafted files that could trigger the vulnerability until a patch is available.