9.3

CVE-2007-1754

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftPublisher Version2007
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 32.78% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
US Government Resource
http://osvdb.org/35953
http://research.eeye.com/html/advisories/published/AD20070710.html
http://secunia.com/advisories/25988
Vendor Advisory
http://www.securityfocus.com/archive/1/473309/100/0/threaded
http://www.securitytracker.com/id?1018353
http://www.vupen.com/english/advisories/2007/2479
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1871