----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Microsoft Office Publisher File Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA39375

VERIFY ADVISORY:
http://secunia.com/advisories/39375/

DESCRIPTION:
A vulnerability has been reported in Microsoft Office Publisher,
which can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to a boundary error in the TextBox
conversion functionality for Publisher 97 format files. This can be
exploited to cause a buffer overflow via a specially crafted
Publisher file.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office Publisher 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=943b3830-70d5-46c5-bffc-1b494434b5f7

Microsoft Office Publisher 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=7c2f4610-77bb-4d72-847b-1a06c523b137

Microsoft Office Publisher 2007 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=10ca2f71-0ab2-4344-b7fd-bbbd6a783a96

PROVIDED AND/OR DISCOVERED BY:
Lionel d'Hauenens via ZDI.

CHANGELOG:
2010-04-14: Added additional information provided by ZDI.

ORIGINAL ADVISORY:
MS10-023 (KB980466, KB980469, KB980470):
http://www.microsoft.com/technet/security/bulletin/MS10-023.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-069/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------