CVE-2010-2571 — Improper Input Validation in Microsoft Publisher

CWE-20 — Improper Input Validation3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
61.0%
top 1.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Publisher
Timeline
PublishedDec 16
Latest updateMay 14

Description

Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

â–¶NVDmicrosoft/publisher2002, 2003+1

🔴Vulnerability Details

2
GHSA
GHSA-2fjp-hx49-4fqh: Array index error in pubconv↗2022-05-14
â–¶
CVEList
CVE-2010-2571: Array index error in pubconv↗2010-12-16
â–¶
CVE-2010-2571 — Improper Input Validation in Microsoft | cvebase