VYPR

Publisher

by Microsoft

CVEs (46)

  • CVE-2007-0671HigKEVFeb 3, 2007
    risk 0.73cvss 8.8epss 0.42

    Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

  • CVE-2016-7289HigDec 20, 2016
    risk 0.53cvss 7.8epss 0.25

    Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2018-8245HigJun 14, 2018
    risk 0.52cvss 7.8epss 0.15

    A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.

  • CVE-2017-8725HigSep 13, 2017
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".

  • CVE-2024-20673HigFeb 13, 2024
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2022-29107MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.03

    Microsoft Office Security Feature Bypass Vulnerability

  • CVE-2024-38226KEVSep 10, 2024
    risk 0.12cvss epss 0.03

    Microsoft Publisher Security Feature Bypass Vulnerability

  • CVE-2023-21715KEVFeb 14, 2023
    risk 0.12cvss epss 0.12

    Microsoft Publisher Security Feature Bypass Vulnerability

  • CVE-2004-0200Sep 28, 2004
    risk 0.07cvss epss 0.49

    Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length…

  • CVE-2020-0760Apr 15, 2020
    risk 0.03cvss epss 0.09

    A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

  • CVE-2008-0102Feb 12, 2008
    risk 0.03cvss epss 0.37

    Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."

  • CVE-2007-1754Jul 10, 2007
    risk 0.03cvss epss 0.33

    PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization…

  • CVE-2006-0001Sep 12, 2006
    risk 0.03cvss epss 0.40

    Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

  • CVE-2004-0573Sep 28, 2004
    risk 0.03cvss epss 0.42

    Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.

  • CVE-2013-1329May 15, 2013
    risk 0.02cvss epss 0.21

    Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."

  • CVE-2013-1328May 15, 2013
    risk 0.02cvss epss 0.21

    Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."

  • CVE-2013-1327May 15, 2013
    risk 0.02cvss epss 0.21

    Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."

  • CVE-2013-1323May 15, 2013
    risk 0.02cvss epss 0.21

    Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."

  • CVE-2013-1322May 15, 2013
    risk 0.02cvss epss 0.25

    Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."

  • CVE-2013-1321May 15, 2013
    risk 0.02cvss epss 0.22

    Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."

Page 1 of 3