Vigil@nce - Microsoft Publisher: multiple vulnerabilities
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious file with
Publisher, in order to execute code on his computer.
Impacted products: Office, Publisher
Severity: 2/4
Creation date: 14/05/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Microsoft Publisher.
An attacker can generate a buffer overflow, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
BID-59761, CVE-2013-1316]
An attacker can generate an integer overflow, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
BID-59762, CVE-2013-1317]
An attacker can generate a memory corruption, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
BID-59764, CVE-2013-1318]
An unknown vulnerability was announced. [severity:2/4; BID-59766,
CVE-2013-1319]
An attacker can generate a buffer overflow, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
BID-59763, CVE-2013-1320]
An unknown vulnerability was announced. [severity:2/4; BID-59767,
CVE-2013-1321]
An attacker can generate a memory corruption, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
BID-59768, CVE-2013-1322]
An attacker can dereference a NULL pointer, in order to trigger a
denial of service. [severity:1/4; BID-59769, CVE-2013-1323]
An attacker can generate an integer overflow, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
BID-59770, CVE-2013-1327]
An attacker can generate a memory corruption, in order to trigger
a denial of service, and possibly to execute code. [severity:2/4;
BID-59771, CVE-2013-1328]
An attacker can generate a buffer overflow, in order to trigger a
denial of service, and possibly to execute code. [severity:2/4;
BID-59772, CVE-2013-1329]
An attacker can therefore invite the victim to open a malicious
file with Publisher, in order to execute code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Publisher-multiple-vulnerabilities-12820