Vigil@nce - Microsoft Publisher 2007: memory corruption of pubconv.dll
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to insert a malicious Publisher
document into another document, in order to corrupt the memory of
pubconv.dll, which leads to code execution.
Severity: 2/4
Creation date: 13/10/2011
IMPACTED PRODUCTS
– Microsoft Office
– Microsoft Office Publisher
DESCRIPTION OF THE VULNERABILITY
When a Publisher document is inserted into another document, it is
converted by the pubconv.dll library.
A function then copies data coming from the first file to the
memory. However, this copy can overflow. A function pointer is
then overwritten. The execution path of the program is thus
altered.
An attacker can therefore invite the victim to insert a malicious
Publisher document into another document, in order to corrupt the
memory of pubconv.dll, which leads to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Publisher-2007-memory-corruption-of-pubconv-dll-11060