Unrated severityNVD Advisory· Published Dec 16, 2010· Updated Apr 29, 2026

CVE-2010-2569

Description

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."

Affected products

Microsoft/Publisher3 versions
cpe:2.3:a:microsoft:publisher:2002:sp3:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:publisher:2002:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:publisher:2003:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:publisher:2007:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/cas/techalerts/TA10-348A.htmlnvdUS Government Resource
www.securitytracker.com/idnvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.049
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000