Microsoft Publisher Remote Code Execution Vulnerabilities (2607702) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-091.

Impact

Successful exploitation could allow an attacker to execute arbitrary code on the remote system. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms11-091/

Insight

The flaw is due to the way Microsoft Publisher parses specially crafted Publisher files, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Publisher file.

Affected

Microsoft Publisher 2003 Service Pack 3 and prior Microsoft Publisher 2007 Service Pack 3 and prior

References

http://support.microsoft.com/kb/2553084
http://support.microsoft.com/kb/2596705
http://technet.microsoft.com/en-us/security/bulletin/ms11-091/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1508, CVE-2011-3410, CVE-2011-3411, CVE-2011-3412

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Cumulative Security Update for Internet Explorer (937143)
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)

Take action and discover your vulnerabilities