Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0001

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-0001
Last Modified 07 Mar 2011 09:29:09
Published 12 Sep 2006 07:07:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0001

Summary

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office Xp

  • Microsoft Publisher 2000

  • Microsoft Publisher 2002

  • Microsoft Publisher 2003


References

CERT - TA06-255A

CERT-VN - VU#406236

BID - 19951

BUGTRAQ - 20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability

MS - MS06-054

MISC - http://www.computerterrorism.com/research/ct12-09-2006-2.htm

SECUNIA - 21863

XF - publisher-pub-code-execution(28648)

VUPEN - ADV-2006-3565

HP - SSRT061187

HP - HPSBST02134

SECTRACK - 1016825

SREASON - 1548


Last Updated: 27 May 2016 10:41:28