Microsoft Publisher Remote Code Execution Vulnerabilities (2607702) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-091.

Impact

Successful exploitation could allow an attacker to execute arbitrary code on the remote system. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms11-091/

Insight

The flaw is due to the way Microsoft Publisher parses specially crafted Publisher files, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Publisher file.

Affected

Microsoft Publisher 2003 Service Pack 3 and prior Microsoft Publisher 2007 Service Pack 3 and prior

References

http://support.microsoft.com/kb/2553084
http://support.microsoft.com/kb/2596705
http://technet.microsoft.com/en-us/security/bulletin/ms11-091/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1508, CVE-2011-3410, CVE-2011-3411, CVE-2011-3412
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Take action and discover your vulnerabilities