Microsoft Publisher Remote Code Execution Vulnerability (2292970) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-103.

Impact

Successful exploitation could allow an attacker to execute arbitrary code on the remote system. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx

Insight

The flaw is due to the way Microsoft Publisher parses specially crafted Publisher files, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Publisher file.

Affected

Microsoft Publisher 2010 Microsoft Publisher 2002 Service Pack 3 Microsoft Publisher 2003 Service Pack 3 Microsoft Publisher 2007 Service Pack 2

References

http://support.microsoft.com/kb/2284692
http://support.microsoft.com/kb/2284695
http://support.microsoft.com/kb/2284697
http://support.microsoft.com/kb/2409055
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2569, CVE-2010-2570, CVE-2010-2571, CVE-2010-3954, CVE-2010-3955

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
Buffer Overrun in the ListBox and in the ComboBox (824141)
Flaw in Microsoft VM Could Allow Code Execution (810030)
Microsoft DirectShow Remote Code Execution Vulnerability (977935)

Take action and discover your vulnerabilities