lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3d7a6e870805131752i1493d2ccv2fa0e26ee9ed0983@mail.gmail.com>
Date: Wed, 14 May 2008 08:52:46 +0800
From: cocoruder <cocoruder@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Microsoft Office Publisher PUB File Parsing
	Remote Memory Corruption Vulnerability

/********************************************************************************************
Please join us to pray for the people still in the huge earthquake in
eastern Sichuan, China.
*********************************************************************************************/

Microsoft Office Publisher PUB File Parsing Remote Memory Corruption
Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net


Summary:

    A memory corruption vulnerability exists in Microsoft Office
Publisher while it is parsing PUB file. An attacker who successfully
exploit this vulnerability can execute arbitrary code on the affected
system.


Affected Software Versions:

    Microsoft Office Publisher 2007 0
    Microsoft Office Publisher 2003 SP3
    Microsoft Office Publisher 2003 SP2
    Microsoft Office Publisher 2002 SP3
    Microsoft Office Publisher 2000 SP3
    Microsoft Office Publisher 2007 SP1



Details:

    Currently there is no details released.



Solution:

    Microsoft has released an advisory for this vulnerability which is
available on:

    http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx



CVE Information:

    CVE-2008-0119



Disclosure Timeline:

    2007.12.10        Vendor notified
    2007.12.10        Vendor responded
    2008.05.13        Coordinated public disclosure		



--EOF--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ