Microsoft Publisher Remote Code Execution Vulnerability (2292970) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-103.

Impact

Successful exploitation could allow an attacker to execute arbitrary code on the remote system. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx

Insight

The flaw is due to the way Microsoft Publisher parses specially crafted Publisher files, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Publisher file.

Affected

Microsoft Publisher 2010 Microsoft Publisher 2002 Service Pack 3 Microsoft Publisher 2003 Service Pack 3 Microsoft Publisher 2007 Service Pack 2

References

http://support.microsoft.com/kb/2284692
http://support.microsoft.com/kb/2284695
http://support.microsoft.com/kb/2284697
http://support.microsoft.com/kb/2409055
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2569, CVE-2010-2570, CVE-2010-2571, CVE-2010-3954, CVE-2010-3955
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)

Take action and discover your vulnerabilities