Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft Publisher Memory Corruption Vulnerability
Date Discovered: 02/12/2008
Severity: High
Applications Affected: Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP2
Synopsis
A memory corruption vulnerability exists in the way Microsoft Office Publisher validates application data when loading Publisher files to memory.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
Threat Analysis
Microsoft Publisher does not correctly validate application data or memory index values when loading Publisher files to memory.

An attacker could exploit the vulnerability by constructing a specially crafted Publisher .pub file. When a user views the .pub file, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0102
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0104

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map