(MS10-103) Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
Publish Date: 10 f¨¦vrier 2011
Gravit¨¦: : ?lev¨¦
CVE Identifier: CVE-2010-2569,CVE-2010-2570,CVE-2010-2571,CVE-2010-3954,CVE-2010-3955
Date du conseil: 10 f¨¦vrier 2011
Description
This update resolves vulnerabilities in Microsoft Publisher that could allow remote code execution. An attacker can exploit the vulnerability by opening a specially crafted Publisher file. An attacker could take complete control over an affected system and install programs; view, change, or delete data; or create new user accounts will full user rights. More specifically, this update addresses the vulnerabilities by correcting the way that Microsoft Publisher parses specially crafted Publisher files.
Information Exposure Rating:
For information on patches specific to the affected software, please proceed to the .
live casino online clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
| Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version |
|---|---|---|---|
| CVE-2010-2569 | 1004544 - Size Value Heap Corruption in pubconv.dll Vulnerability | 10-038 | Dec 15, 2010 |
| CVE-2010-3955 | 1004545 - Array Indexing Memory Corruption Vulnerability | 10-038 | Dec 15, 2010 |
Solutions
Patch: :
Affected software and version:
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2007 Service Pack 2
- Microsoft Office 2010 (32-bit editions)
- Microsoft Office 2010 (64-bit editions)