Check Point Advisories

Update Protection against Microsoft Office Publisher 2007 Remote Code Execution Vulnerability (MS07-037)

Check Point Reference: CPAI-2007-087
Date Published: 6 Aug 2007
Severity: Medium
Last Updated: Thursday 23 August, 2007
Source: Microsoft Security Bulletin MS07-037
Industry Reference:CVE-2007-1754
Protection Provided by:
Who is Vulnerable? Microsoft Office Publisher 2007
Vulnerability Description A remote code execution vulnerability has been reported in Microsoft Publisher. Microsoft Publisher is a desktop publishing application for creating marketing materials, managing customer lists and more. A remote attacker can exploit this vulnerability via a specially crafted .pub file. Successful exploitation may allow execution of arbitrary code on a vulnerable system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS07-037
Vulnerability DetailsThe vulnerability is due to a memory corruption error in Microsoft Publisher that fails to properly handle malformed pages. A remote attacker could trigger this flaw by convincing the victim to open a specially crafted Publisher page (.PUB). Successful exploitation of this issue allows execution of arbitrary code once the malformed page is opened on a vulnerable system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.