9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.912 High
EPSS
Percentile
98.8%
Added: 04/30/2010
CVE: CVE-2010-0479
BID: 39347
OSVDB: 63748
Microsoft Office Publisher, part of the Microsoft Office suite, is a product for creating publications and marketing materials.
A buffer overflow vulnerability allows command execution when a user loads a Publisher 97 file containing a specially crafted Textbox item.
Apply the patch referenced in Microsoft Security Bulletin 10-023.
<http://www.microsoft.com/technet/security/bulletin/ms10-023.mspx>
Exploit works on Microsoft Office Publisher 2007 SP2 and requires a user to open the exploit file.
Windows XP