| VID |
26438 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (969516) for 'Remote Code Execution Vulnerability in Microsoft Publisher' has not been applied. Microsoft Publisher 2007 could allow a remote attacker to execute arbitrary code, caused by a stack-based buffer overflow vulnerability. By constructing a specially crafted Publisher (.pub) file, a remote attacker could potentially execute arbitrary code. The remote Windows host contains a version of Microsoft Office Publisher fails to properly calculate object handler data when opening, importing, or converting files created in versions older than Microsoft Office Publisher 2007, which could lead to memory corruption.
If an attacker can trick a user on the affected system into opening a specially crafted Publisher file with Microsoft Office Publisher, he may be able to leverage this issue to execute arbitrary code subject to the user's privileges.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms09-030.mspx
* Platforms Affected:
Microsoft Office Publisher 2007
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch (969516) for your system, as listed in Microsoft Security Bulletin MS09-030 at http://www.microsoft.com/technet/security/bulletin/ms09-030.mspx |
| Related URL |
CVE-2008-0119 (CVE) |
| Related URL |
29158 (SecurityFocus) |
| Related URL |
42102,42103 (ISS) |
|
