
Microsoft Publisher Object Handler Validation Vulnerability


Secunia ID

SA30150

CVE-ID

CVE-2008-0119

Release Date

13 May 2008

Last Change

14 May 2008

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office Publisher 2003
Microsoft Office Publisher 2007
Microsoft Office XP
Microsoft Publisher 2000
Microsoft Publisher 2002
Microsoft Publisher 2003

Where

From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error in the object handler when parsing object header data. This can be exploited to corrupt memory via a specially crafted Publisher file.

Successful exploitation may allow execution of arbitrary code.

Solution

Apply patches.

Microsoft Publisher 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8675b9b6-fbf0-4ad2-9210-285e2cc10556

Microsoft Publisher 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=df623784-6e26-42c0-9e21-e7960b849e1e

Microsoft Publisher 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c18b060b-9828-4952-8e80-5328c0832d83

Microsoft Publisher 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c18b060b-9828-4952-8e80-5328c0832d83

Microsoft Publisher 2007:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e4b647c2-79a3-49e0-9b1d-741667fdbcca

Microsoft Publisher 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e4b647c2-79a3-49e0-9b1d-741667fdbcca

Reported by

cocoruder, Fortinet Security Research.

Original Advisory

MS08-027 (KB951208):
http://www.microsoft.com/technet/security/Bulletin/MS08-027.mspx

cocoruder:
http://ruder.cdut.net/blogview.asp?logID=252