43 matches found
CVE-2023-28295
CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...
CVE-2024-20673
CVE-2024-20673 is a Microsoft Office remote code execution vulnerability tracked across multiple office-product advisories. Public docs show high-severity risk (CVSS v3.1: 7.8), with exploitation described as a remote code execution requiring local access and user interaction in some vectors. Con...
CVE-2024-38226
CVE-2024-38226 is a Microsoft Publisher security feature bypass vulnerability that enables bypass of Mark of the Web protections. The issue affects Microsoft Publisher (and related Office components) and stems from a security feature bypass in MOWeb, allowing files downloaded from the Internet to...
CVE-2023-28287
CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...
CVE-2020-0760
CVE-2020-0760 is a remote code execution vulnerability affecting Microsoft Office products (Word/Excel/PowerPoint/Visio) via improper loading of arbitrary type libraries. The root cause is how Office loads type libraries, which could allow an attacker to execute arbitrary code in the context of t...
CVE-2022-29107
CVE-2022-29107 is a Microsoft Office security feature bypass vulnerability reported across Office components (Word/Office C2R). Connected sources describe a vulnerability that allows bypassing security features and performing unauthorized actions, with security updates issued in May 2022 (C2R/Wor...
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2011-1508
CVE-2011-1508 affects Microsoft Publisher 2003 SP3 and Microsoft Publisher 2007 SP2/SP3. Root cause: PubConv.dll mishandles memory for function pointers during parsing of Publisher files, enabling a remote attacker to execute arbitrary code via a crafted Publisher file. The issue is tied to MS11-...
CVE-2015-2503
CVE-2015-2503 is an Office Elevation of Privilege vulnerability that can be triggered via a crafted web site loaded in Internet Explorer to bypass sandbox protections and gain privileges. The initial CVE entry lists Microsoft Office 2007–2016 products (Word, Excel, PowerPoint, Access, InfoPath, V...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2010-2569
CVE-2010-2569 concerns a heap corruption flaw in pubconv.dll (Publisher Converter DLL) used by Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2. The vulnerability occurs when Publisher files with an unspecified or mis-sized value are parsed, potentially enabling remote code execution or a den...
CVE-2017-8725
CVE-2017-8725 affects Microsoft Publisher 2007 SP3 and Publisher 2010 SP2, where improper handling of objects in memory can allow a specially crafted file to execute arbitrary code in the context of the current user. The vulnerability enables remote code execution and requires user interaction (o...
CVE-2011-3410
Summary: CVE-2011-3410 describes an out-of-bounds/indexing vulnerability in Microsoft Publisher components of Office (notably Publisher 2003 SP3 and Publisher 2007 SP2/SP3) that could allow remote code execution when a user opens a specially crafted Publisher file. Root cause: Improper handling o...
CVE-2018-8245
CVE-2018-8245 (Microsoft Publisher RCE) is a remote code execution flaw in Microsoft Publisher caused by failure to lock down the Local Machine zone when instantiating OLE objects. Affected product: Publisher (Publisher 2010 SP2 noted in related materials). The root cause is improper handling of ...
CVE-2011-3411
CVE-2011-3411 affects Microsoft Publisher via parsing of specially crafted Publisher files. The vulnerability, described as an invalid pointer/memory handling issue , enables remote code execution when a user opens a crafted .pub file. Affected product in the public description is Publisher 2003 ...
CVE-2006-0001
CVE-2006-0001 is a stack-based buffer overflow in Microsoft Publisher 2000–2003 triggered by parsing a crafted .pub font string, allowing a user-assisted remote attacker to execute arbitrary code. The vulnerability arises from insufficient validation during Publisher’s processing of Publisher doc...
CVE-2016-7289
CVE-2016-7289 corresponds to a memory corruption/remote code execution vulnerability in Microsoft Office components, notably Microsoft Publisher 2010 SP2. The issue arises from improper handling of objects in memory when parsing crafted documents, allowing an attacker to run arbitrary code or cau...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2013-1329
CVE-2013-1329 concerns multiple remote-code-execution vulnerabilities in Microsoft Publisher components (notably Publisher 2003 SP3) triggered by specially crafted Publisher files. The core issue is described as an integer signedness error leading to a buffer underflow, enabling arbitrary code ex...
CVE-2011-3412
CVE-2011-3412 affects Microsoft Publisher components in Office: Publisher 2003 SP3 and Publisher 2007 SP2/SP3. The vulnerability is a remote code execution caused by incorrect memory handling while processing crafted .pub files, enabling an attacker to run arbitrary code with the caller’s privile...
CVE-2004-0573
CVE-2004-0573 describes a buffer overflow in the Microsoft WordPerfect 5.x Converter used by Office 2000, Office XP, Office 2003, and Works Suite 2001–2004. The overflow occurs when reading an overly long WordPerfect 5.x document, allowing a remote attacker to execute arbitrary code with the priv...
CVE-2007-1754
CVE-2007-1754: Microsoft Office Publisher 2007 contains a memory handling flaw in pubconv.dll when transferring data from disk to memory, enabling remote code execution via a crafted .pub file. Connected advisories (MS07-037) confirm a remote code execution vulnerability and describe mitigations ...
CVE-2010-2571
CVE-2010-2571 is a memory corruption vulnerability in Microsoft Publisher 2002 SP3 and Microsoft Publisher 2003 SP3 caused by an array indexing error in the pubconv.dll (Publisher Converter DLL) when processing malformed Publisher 97 files. It enables remote code execution if a user opens a craft...
CVE-2010-3955
CVE-2010-3955 concerns a memory corruption in Microsoft Publisher 2002 SP3 caused by an array indexing error in pubconv.dll (Publisher Converter DLL). A crafted Publisher file can trigger this vulnerability, enabling remote code execution on the affected system. Microsoft addressed this with secu...
CVE-2008-0102
CVE-2008-0102 is a Microsoft Office Publisher vulnerability (MS08-012) involving remote code execution via crafted .pub files. Affected: Publisher 2000 SP3, Publisher 2002 SP3, Publisher 2003 SP2. The issue (Publisher Invalid Memory Reference) stems from improper validation/loading of memory valu...
CVE-2013-1316
CVE-2013-1316 corresponds to a Microsoft Publisher 2003 SP3 vulnerability where a crafted Publisher file triggers a negative value allocation due to improper validation of an array size, enabling remote code execution. The related entries describe multiple related weaknesses in Publisher (includi...
CVE-2013-1322
Microsoft Publisher 2003 SP3 is affected by CVE-2013-1322, a remote code execution vulnerability caused by improper validation of table range data in Publisher files. A crafted Publisher document can trigger arbitrary code execution in the context of the logged-in user. The issue is part of a bro...
CVE-2010-3954
CVE-2010-3954 corresponds to multiple memory corruption vulnerabilities in Microsoft Publisher (2002 SP3, 2003 SP3, and 2010). The issue is triggered when handling malformed Publisher files, allowing remote attackers to execute arbitrary code or cause a denial of service. The underlying root caus...
CVE-2013-1321
CVE-2013-1321 affects Microsoft Publisher 2003 (including SP3) with a return-value handling/validation flaw that can allow remote code execution when a user opens a crafted Publisher file. Connected sources confirm multiple related vulnerabilities in the Publisher component (e.g., CVE-2013-1316 t...
CVE-2013-1327
CVE-2013-1327 is an integer signedness error in Microsoft Publisher 2003 SP3 that allows remote code execution when a user opens a crafted Publisher file, due to an improper memory allocation. The issue is part of a set of vulnerabilities (MS13-042) affecting Publisher components across Office re...
CVE-2008-0104
CVE-2008-0104 is the Publisher Memory Corruption vulnerability in Microsoft Office Publisher 2000 SP3, 2002 SP3, and 2003 SP2. A remote attacker can execute arbitrary code by convincing a user to open a specially crafted .pub file; the attacker could gain full control of the affected system. Micr...
CVE-2010-2570
CVE-2010-2570 : A heap-based buffer overflow in pubconv.dll (Publisher Converter DLL) of Microsoft Publisher affects 2002 SP3, 2003 SP3, 2007 SP2, and 2010. A crafted Publisher file using an old format can trigger arbitrary code execution remotely. The issue is documented under MS10-103, which pr...
CVE-2013-1317
CVE-2013-1317 describes an integer overflow in Microsoft Publisher 2003 SP3 that allows remote code execution when a user opens a specially crafted Publisher file, caused by an improper allocation-size calculation. Public references note multiple related Publisher vulnerabilities (2830397 family)...
CVE-2010-0479
CVE-2010-0479 is a remote-code-execution vulnerability in Microsoft Office Publisher (2002 SP3, 2003 SP3, 2007 SP1/SP2) caused by a buffer overflow in the Publisher file conversion TextBox processing. An attacker could trigger code execution by enticing a user to open a specially crafted Publishe...
CVE-2014-1759
CVE-2014-1759 affects Microsoft Publisher 2003 SP3 and Publisher 2007 SP3 via the pubconv.dll component. The root cause is an (uninitialized/incorrect) pointer dereference when parsing crafted .pub files, enabling remote code execution or causing application crash (DoS). The vulnerability is trac...
CVE-2013-1319
CVE-2013-1319 concerns Microsoft Office Publisher, specifically Publisher 2003 SP3 (and related SPs/versions) where a return-value handling vulnerability in an unspecified method allows remote code execution when a user opens a crafted Publisher file. The vulnerability is part of a set of issues ...
CVE-2013-1323
Microsoft Publisher (Office Publisher) Remote Code Execution vulnerability CVE-2013-1323 arises from incorrect NULL value handling when processing unspecified data items in Publisher files. Affected products, per sources, include Microsoft Publisher 2003 SP2/SP3, 2007 SP3, and 2010 SP1 (32/64‑bit...
CVE-2007-6534
CVE-2007-6534 involves multiple unspecified vulnerabilities in Microsoft Office Publisher that allow a user‑assisted remote attacker to cause an application crash by processing a crafted PUB file, potentially involving WordArt. Affected product: Microsoft Office Publisher. Vulnerable functionalit...
CVE-2013-1318
CVE-2013-1318 affects Microsoft Publisher (e.g., Publisher 2003 SP3) and allows remote code execution when a user opens a specially crafted Publisher file that triggers an invalid pointer/corrupt interface pointer condition. Exploitation details are provided in related advisories; patches exist (...
CVE-2013-1328
CVE-2013-1328 affects Microsoft Publisher components: Publisher 2003 SP3, 2007 SP3, and 2010 SP1. It enables remote code execution when a user opens a specially crafted Publisher file, due to an incorrect pointer handling vulnerability in Publisher. Exploitation could allow arbitrary code executi...
CVE-2013-1320
CVE-2013-1320 (and related CVEs 2013-1316 to 2013-1329) describe multiple buffer/memory‑corruption vulnerabilities in Microsoft Office Publisher components. The published data indicate a remote code execution risk when a user opens a specially crafted Publisher file, affecting Publisher 2003 SP2/...
CVE-2007-1117
Technical details are not publicly available in the provided documents. Monitor for updates.