VYPR
Get started

Publisher

Sign in to watch

by Microsoft

CVEs (36)

CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2007-0671Hig0.748.80.55KEVFeb 3, 2007Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
CVE-2017-8725Hig0.537.80.32Sep 13, 2017A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".
CVE-2016-7289Hig0.537.80.34Dec 20, 2016Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2004-02000.090.77Sep 28, 2004Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
CVE-2006-00010.060.73Sep 12, 2006Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
CVE-2013-13290.050.59May 15, 2013Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
CVE-2013-13280.050.59May 15, 2013Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
CVE-2013-13270.050.59May 15, 2013Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
CVE-2013-13220.050.61May 15, 2013Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
CVE-2013-13200.050.62May 15, 2013Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
CVE-2013-13190.050.61May 15, 2013Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
CVE-2013-13180.050.61May 15, 2013Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
CVE-2013-13170.050.65May 15, 2013Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
CVE-2013-13160.050.59May 15, 2013Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
CVE-2011-34100.050.58Dec 14, 2011Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
CVE-2010-39550.050.58Dec 16, 2010pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
CVE-2010-39540.050.61Dec 16, 2010Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
CVE-2010-25710.050.61Dec 16, 2010Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
CVE-2010-25700.050.62Dec 16, 2010Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
CVE-2010-25690.050.61Dec 16, 2010pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."