Описание
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
Ссылки
- Vendor Advisory
- US Government Resource
- Vendor Advisory
- Vendor Advisory
- US Government Resource
- Vendor Advisory
Уязвимые конфигурации
EPSS
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
EPSS
9.3 Critical
CVSS2