CVE-2010-2569: Code Injection
First published: Thu Dec 16 2010(Updated: )
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Publisher | =2007-sp2 | |
| Microsoft Publisher | =2002-sp3 | |
| Microsoft Publisher | =2003-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft publisher
- version/microsoft publisher/2007-sp2
- version/microsoft publisher/2002-sp3
- version/microsoft publisher/2003-sp3