CVE-2010-0479Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Publisher

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
43.4%
top 2.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Publisher
Timeline
PublishedApr 14
Latest updateMay 2

Description

Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/publisher2002, 2003, 2007+2

🔴Vulnerability Details

2
GHSA
GHSA-jcc3-24pc-wmg9: Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted2022-05-02
CVEList
CVE-2010-0479: Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted2010-04-14

💬Community

2
Bugzilla
CVE-2010-1129 CVE-2010-1130 php: safe_mode / open_basedir security fixes in 5.2.13/5.3.22010-03-28
Bugzilla
CVE-2010-1128 php: LCG entropy weakness2010-03-28
CVE-2010-0479 — Microsoft Publisher vulnerability | cvebase