Lucene search
+L
MicrosoftPublisher

43 matches found

cve
cve
added 2023/06/17 12:29 a.m.1165 views

CVE-2023-28295

CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...

7.8CVSS7.7AI score0.00742EPSS
cve
cve
added 2024/02/13 6:2 p.m.385 views

CVE-2024-20673

CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...

7.8CVSS7.7AI score0.01187EPSS
cve
cve
added 2024/09/10 4:53 p.m.385 views

CVE-2024-38226

CVE-2024-38226 is a Microsoft Publisher security feature bypass vulnerability that enables bypass of Mark of the Web protections. The issue affects Microsoft Publisher (and related Office components) and stems from a security feature bypass in MOWeb, allowing files downloaded from the Internet to...

7.3CVSS8.2AI score0.02667EPSS
In wild
cve
cve
added 2023/06/17 12:29 a.m.323 views

CVE-2023-28287

CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...

7.8CVSS7.7AI score0.00742EPSS
cve
cve
added 2020/04/15 3:12 p.m.207 views

CVE-2020-0760

CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...

8.8CVSS8.5AI score0.0861EPSS
cve
cve
added 2022/05/10 8:34 p.m.179 views

CVE-2022-29107

CVE-2022-29107 is a Microsoft Office security feature bypass vulnerability reported across Office components (Word/Office C2R). Connected sources describe a vulnerability that allows bypassing security features and performing unauthorized actions, with security updates issued in May 2022 (C2R/Wor...

5.5CVSS5.6AI score0.02708EPSS
cve
cve
added 2004/09/17 4:0 a.m.157 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

9.3CVSS7.6AI score0.49024EPSS
cve
cve
added 2011/12/14 12:0 a.m.136 views

CVE-2011-1508

CVE-2011-1508 affects Microsoft Publisher 2003 SP3 and Microsoft Publisher 2007 SP2/SP3. Root cause: PubConv.dll mishandles memory for function pointers during parsing of Publisher files, enabling a remote attacker to execute arbitrary code via a crafted Publisher file. The issue is tied to MS11-...

9.3CVSS7.5AI score0.14451EPSS
cve
cve
added 2015/11/11 11:0 a.m.114 views

CVE-2015-2503

CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...

9.3CVSS6.8AI score0.1684EPSS
cve
cve
added 2006/10/10 10:0 p.m.100 views

CVE-2006-3877

PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...

9.3CVSS7.1AI score0.12509EPSS
cve
cve
added 2007/02/03 1:0 a.m.96 views

CVE-2007-0671

CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...

9.3CVSS7.5AI score0.42139EPSS
In wild
cve
cve
added 2010/12/16 7:0 p.m.87 views

CVE-2010-2569

CVE-2010-2569 concerns a heap corruption flaw in pubconv.dll (Publisher Converter DLL) used by Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2. The vulnerability occurs when Publisher files with an unspecified or mis-sized value are parsed, potentially enabling remote code execution or a den...

9.3CVSS7.7AI score0.21001EPSS
cve
cve
added 2017/09/13 1:0 a.m.85 views

CVE-2017-8725

CVE-2017-8725 affects Microsoft Publisher 2007 SP3 and Publisher 2010 SP2, where improper handling of objects in memory can allow a specially crafted file to execute arbitrary code in the context of the current user. The vulnerability enables remote code execution and requires user interaction (o...

9.3CVSS7.8AI score0.19589EPSS
cve
cve
added 2011/12/14 12:0 a.m.77 views

CVE-2011-3410

Summary: CVE-2011-3410 describes an out-of-bounds/indexing vulnerability in Microsoft Publisher components of Office (notably Publisher 2003 SP3 and Publisher 2007 SP2/SP3) that could allow remote code execution when a user opens a specially crafted Publisher file. Root cause: Improper handling o...

9.3CVSS7.5AI score0.28059EPSS
cve
cve
added 2018/06/14 12:0 p.m.76 views

CVE-2018-8245

CVE-2018-8245 (Microsoft Publisher RCE) is a remote code execution flaw in Microsoft Publisher caused by failure to lock down the Local Machine zone when instantiating OLE objects. Affected product: Publisher (Publisher 2010 SP2 noted in related materials). The root cause is improper handling of ...

7.8CVSS6.7AI score0.15416EPSS
cve
cve
added 2011/12/14 12:0 a.m.73 views

CVE-2011-3411

CVE-2011-3411 affects Microsoft Publisher via parsing of specially crafted Publisher files. The vulnerability, described as an invalid pointer/memory handling issue , enables remote code execution when a user opens a crafted .pub file. Affected product in the public description is Publisher 2003 ...

9.3CVSS7.5AI score0.27634EPSS
cve
cve
added 2006/09/12 11:0 p.m.72 views

CVE-2006-0001

CVE-2006-0001 is a stack-based buffer overflow in Microsoft Publisher 2000–2003 triggered by parsing a crafted .pub font string, allowing a user-assisted remote attacker to execute arbitrary code. The vulnerability arises from insufficient validation during Publisher’s processing of Publisher doc...

9.3CVSS7.8AI score0.40018EPSS
cve
cve
added 2016/12/20 5:54 a.m.72 views

CVE-2016-7289

CVE-2016-7289 corresponds to a memory corruption/remote code execution vulnerability in Microsoft Office components, notably Microsoft Publisher 2010 SP2. The issue arises from improper handling of objects in memory when parsing crafted documents, allowing an attacker to run arbitrary code or cau...

9.3CVSS7.9AI score0.25146EPSS
cve
cve
added 2008/07/07 11:0 p.m.68 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...

7.5CVSS6.7AI score0.17404EPSS
cve
cve
added 2013/05/15 1:0 a.m.67 views

CVE-2013-1329

CVE-2013-1329 concerns multiple remote-code-execution vulnerabilities in Microsoft Publisher components (notably Publisher 2003 SP3) triggered by specially crafted Publisher files. The core issue is described as an integer signedness error leading to a buffer underflow, enabling arbitrary code ex...

9.3CVSS7.7AI score0.20766EPSS
cve
cve
added 2011/12/14 12:0 a.m.65 views

CVE-2011-3412

CVE-2011-3412 affects Microsoft Publisher components in Office: Publisher 2003 SP3 and Publisher 2007 SP2/SP3. The vulnerability is a remote code execution caused by incorrect memory handling while processing crafted .pub files, enabling an attacker to run arbitrary code with the caller’s privile...

9.3CVSS7.5AI score0.26683EPSS
cve
cve
added 2004/09/17 4:0 a.m.61 views

CVE-2004-0573

CVE-2004-0573 describes a buffer overflow in the Microsoft WordPerfect 5.x Converter used by Office 2000, Office XP, Office 2003, and Works Suite 2001–2004. The overflow occurs when reading an overly long WordPerfect 5.x document, allowing a remote attacker to execute arbitrary code with the priv...

7.5CVSS7.8AI score0.42337EPSS
cve
cve
added 2007/07/10 10:0 p.m.60 views

CVE-2007-1754

CVE-2007-1754: Microsoft Office Publisher 2007 contains a memory handling flaw in pubconv.dll when transferring data from disk to memory, enabling remote code execution via a crafted .pub file. Connected advisories (MS07-037) confirm a remote code execution vulnerability and describe mitigations ...

9.3CVSS7.4AI score0.32782EPSS
cve
cve
added 2010/12/16 7:0 p.m.60 views

CVE-2010-2571

CVE-2010-2571 is a memory corruption vulnerability in Microsoft Publisher 2002 SP3 and Microsoft Publisher 2003 SP3 caused by an array indexing error in the pubconv.dll (Publisher Converter DLL) when processing malformed Publisher 97 files. It enables remote code execution if a user opens a craft...

9.3CVSS7.5AI score0.21773EPSS
cve
cve
added 2010/12/16 7:0 p.m.60 views

CVE-2010-3955

CVE-2010-3955 concerns a memory corruption in Microsoft Publisher 2002 SP3 caused by an array indexing error in pubconv.dll (Publisher Converter DLL). A crafted Publisher file can trigger this vulnerability, enabling remote code execution on the affected system. Microsoft addressed this with secu...

9.3CVSS7.5AI score0.18927EPSS
cve
cve
added 2008/02/12 10:0 p.m.59 views

CVE-2008-0102

CVE-2008-0102 is a Microsoft Office Publisher vulnerability (MS08-012) involving remote code execution via crafted .pub files. Affected: Publisher 2000 SP3, Publisher 2002 SP3, Publisher 2003 SP2. The issue (Publisher Invalid Memory Reference) stems from improper validation/loading of memory valu...

10CVSS7.4AI score0.36907EPSS
cve
cve
added 2013/05/15 1:0 a.m.59 views

CVE-2013-1316

CVE-2013-1316 corresponds to a Microsoft Publisher 2003 SP3 vulnerability where a crafted Publisher file triggers a negative value allocation due to improper validation of an array size, enabling remote code execution. The related entries describe multiple related weaknesses in Publisher (includi...

9.3CVSS7.6AI score0.21814EPSS
cve
cve
added 2013/05/15 1:0 a.m.58 views

CVE-2013-1322

Microsoft Publisher 2003 SP3 is affected by CVE-2013-1322, a remote code execution vulnerability caused by improper validation of table range data in Publisher files. A crafted Publisher document can trigger arbitrary code execution in the context of the logged-in user. The issue is part of a bro...

10CVSS7.6AI score0.25262EPSS
cve
cve
added 2010/12/16 7:0 p.m.57 views

CVE-2010-3954

CVE-2010-3954 corresponds to multiple memory corruption vulnerabilities in Microsoft Publisher (2002 SP3, 2003 SP3, and 2010). The issue is triggered when handling malformed Publisher files, allowing remote attackers to execute arbitrary code or cause a denial of service. The underlying root caus...

9.3CVSS7.7AI score0.20833EPSS
cve
cve
added 2013/05/15 1:0 a.m.55 views

CVE-2013-1321

CVE-2013-1321 affects Microsoft Publisher 2003 (including SP3) with a return-value handling/validation flaw that can allow remote code execution when a user opens a crafted Publisher file. Connected sources confirm multiple related vulnerabilities in the Publisher component (e.g., CVE-2013-1316 t...

9.3CVSS7.6AI score0.21704EPSS
cve
cve
added 2013/05/15 1:0 a.m.55 views

CVE-2013-1327

CVE-2013-1327 is an integer signedness error in Microsoft Publisher 2003 SP3 that allows remote code execution when a user opens a crafted Publisher file, due to an improper memory allocation. The issue is part of a set of vulnerabilities (MS13-042) affecting Publisher components across Office re...

9.3CVSS7.5AI score0.20766EPSS
cve
cve
added 2008/02/12 10:0 p.m.52 views

CVE-2008-0104

CVE-2008-0104 is the Publisher Memory Corruption vulnerability in Microsoft Office Publisher 2000 SP3, 2002 SP3, and 2003 SP2. A remote attacker can execute arbitrary code by convincing a user to open a specially crafted .pub file; the attacker could gain full control of the affected system. Micr...

9.3CVSS7.5AI score0.28948EPSS
cve
cve
added 2010/12/16 7:0 p.m.52 views

CVE-2010-2570

CVE-2010-2570 : A heap-based buffer overflow in pubconv.dll (Publisher Converter DLL) of Microsoft Publisher affects 2002 SP3, 2003 SP3, 2007 SP2, and 2010. A crafted Publisher file using an old format can trigger arbitrary code execution remotely. The issue is documented under MS10-103, which pr...

9.3CVSS8AI score0.25106EPSS
cve
cve
added 2013/05/15 1:0 a.m.52 views

CVE-2013-1317

CVE-2013-1317 describes an integer overflow in Microsoft Publisher 2003 SP3 that allows remote code execution when a user opens a specially crafted Publisher file, caused by an improper allocation-size calculation. Public references note multiple related Publisher vulnerabilities (2830397 family)...

9.3CVSS7.8AI score0.20872EPSS
cve
cve
added 2014/04/08 9:0 p.m.52 views

CVE-2014-1759

CVE-2014-1759 affects Microsoft Publisher 2003 SP3 and Publisher 2007 SP3 via the pubconv.dll component. The root cause is an (uninitialized/incorrect) pointer dereference when parsing crafted .pub files, enabling remote code execution or causing application crash (DoS). The vulnerability is trac...

9.3CVSS7.7AI score0.14254EPSS
cve
cve
added 2010/04/14 3:44 p.m.51 views

CVE-2010-0479

CVE-2010-0479 is a remote-code-execution vulnerability in Microsoft Office Publisher (2002 SP3, 2003 SP3, 2007 SP1/SP2) caused by a buffer overflow in the Publisher file conversion TextBox processing. An attacker could trigger code execution by enticing a user to open a specially crafted Publishe...

9.3CVSS7.7AI score0.23415EPSS
cve
cve
added 2013/05/15 1:0 a.m.50 views

CVE-2013-1319

CVE-2013-1319 concerns Microsoft Office Publisher, specifically Publisher 2003 SP3 (and related SPs/versions) where a return-value handling vulnerability in an unspecified method allows remote code execution when a user opens a crafted Publisher file. The vulnerability is part of a set of issues ...

10CVSS7.6AI score0.25065EPSS
cve
cve
added 2013/05/15 1:0 a.m.50 views

CVE-2013-1323

Microsoft Publisher (Office Publisher) Remote Code Execution vulnerability CVE-2013-1323 arises from incorrect NULL value handling when processing unspecified data items in Publisher files. Affected products, per sources, include Microsoft Publisher 2003 SP2/SP3, 2007 SP3, and 2010 SP1 (32/64‑bit...

9.3CVSS7.7AI score0.20766EPSS
cve
cve
added 2007/12/27 11:0 p.m.49 views

CVE-2007-6534

CVE-2007-6534 involves multiple unspecified vulnerabilities in Microsoft Office Publisher that allow a user‑assisted remote attacker to cause an application crash by processing a crafted PUB file, potentially involving WordArt. Affected product: Microsoft Office Publisher. Vulnerable functionalit...

6.8CVSS6.9AI score0.11055EPSS
cve
cve
added 2013/05/15 1:0 a.m.49 views

CVE-2013-1318

CVE-2013-1318 affects Microsoft Publisher (e.g., Publisher 2003 SP3) and allows remote code execution when a user opens a specially crafted Publisher file that triggers an invalid pointer/corrupt interface pointer condition. Exploitation details are provided in related advisories; patches exist (...

10CVSS7.6AI score0.26168EPSS
cve
cve
added 2013/05/15 1:0 a.m.49 views

CVE-2013-1328

CVE-2013-1328 affects Microsoft Publisher components: Publisher 2003 SP3, 2007 SP3, and 2010 SP1. It enables remote code execution when a user opens a specially crafted Publisher file, due to an incorrect pointer handling vulnerability in Publisher. Exploitation could allow arbitrary code executi...

9.3CVSS7.6AI score0.20766EPSS
cve
cve
added 2013/05/15 1:0 a.m.47 views

CVE-2013-1320

CVE-2013-1320 (and related CVEs 2013-1316 to 2013-1329) describe multiple buffer/memory‑corruption vulnerabilities in Microsoft Office Publisher components. The published data indicate a remote code execution risk when a user opens a specially crafted Publisher file, affecting Publisher 2003 SP2/...

10CVSS7.8AI score0.29027EPSS
cve
cve
added 2007/02/27 2:0 a.m.40 views

CVE-2007-1117

Technical details are not publicly available in the provided documents. Monitor for updates.

10CVSS7.4AI score0.17777EPSS