---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Microsoft Publisher Code Execution Vulnerability SECUNIA ADVISORY ID: SA21863 VERIFY ADVISORY: http://secunia.com/advisories/21863/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Office 2000 http://secunia.com/product/24/ Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Publisher 2000 http://secunia.com/product/29/ Microsoft Publisher 2002 http://secunia.com/product/30/ Microsoft Publisher 2003 http://secunia.com/product/10986/ DESCRIPTION: A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a memory corruption error in Publisher when parsing ".pub" files with malformed strings and can be exploited via a specially crafted document. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=461A126B-596F-4E84-99FD-03554AC55213 Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=0356B9FB-2CD5-4A50-95F6-54846D39B6EA Microsoft Office 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=2EEB43F1-E2B6-4B78-98A1-E8B04242438A PROVIDED AND/OR DISCOVERED BY: The vendor credits Stuart Pearson, Computer Terrorism. ORIGINAL ADVISORY: MS06-054 (KB910729): http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------