CERT-In Vulnerability Note CIVN-2009-87
Microsoft Office Publisher 2007 Pointer Dereference Vulnerability

Original Issue Date: July 16, 2009

Severity Rating: High

System Affected

  • 2007 Microsoft Office System Service Pack 1
  • Microsoft Office Publisher 2007 Service Pack 1

Overview

A vulnerability has been reported in Microsoft Office Publisher 2007, which could be exploited by a remote attacker to compromise a vulnerable system through crafted Office files.

Description

This vulnerability is caused by a pointer dereference error when calculating object handler data while opening a Publisher file. A remote user can create a specially crafted Publisher file that, when loaded by the target user, will trigger a pointer dereference and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Workaround

  • Disable the Publisher Converter DLL

Solution

Apply the appropriate updates as mentioned in Microsoft Security Bulletin MS09-030.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS09-030.mspx

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS09-030.mspx

SecurityFocus
http://www.securityfocus.com/bid/35599/

VUPEN
http://www.vupen.com/english/advisories/2009/1888

SecurityTracker
http://www.securitytracker.com/alerts/2009/Jul/1022546.html

CVE Name
CVE-2009-0566

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003