Lucene search

SAINT CorporationSAINT:C6C6E4F498AC59EB0B90630E1F82137A

HistoryApr 30, 2010 - 12:00 a.m.

Microsoft Publisher File Conversion Textbox buffer overflow

2010-04-3000:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.912 High

EPSS

Percentile

98.8%

JSON

Added: 04/30/2010
CVE: CVE-2010-0479
BID: 39347
OSVDB: 63748

Background

Microsoft Office Publisher, part of the Microsoft Office suite, is a product for creating publications and marketing materials.

Problem

A buffer overflow vulnerability allows command execution when a user loads a Publisher 97 file containing a specially crafted Textbox item.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 10-023.

References

<http://www.microsoft.com/technet/security/bulletin/ms10-023.mspx>

Limitations

Exploit works on Microsoft Office Publisher 2007 SP2 and requires a user to open the exploit file.

Platforms

Windows XP

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.912 High

EPSS

Percentile

98.8%

JSON

Related for SAINT:C6C6E4F498AC59EB0B90630E1F82137A