OSVDB ID: 86767

Title: Microsoft Office Publisher Read Access Violation PUB File Handling Memory Corruption

Info

Disclosure

Oct 28, 2012

Discovery

Unknown

Dates

Exploit

Oct 28, 2012

Solution

Unknown

Description

Microsoft Office Publisher has been reported to contain a flaw that results in memory corruption and may allow for remote code execution. Based on the provided crash details and third-party disputes, there is, however, no evidence to support the claims of memory corruption and the possibility of code execution. Instead, the flaw is triggering a NULL pointer dereference error when parsing unspecified data. With a specially crafted PUB file, a context-dependent attacker can cause a crash, but not immediately execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: None Required
Exploit: Exploit Public
Disclosure: Vendor Disputed, Uncoordinated Disclosure
OSVDB: Myth / Fake

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Microsoft Corporation

Publisher

2010

References

Exploit Database: 22310
Vendor URL: http://office.microsoft.com/en-au/
Mail List Post: http://seclists.org/fulldisclosure/2012/Oct/211
http://seclists.org/fulldisclosure/2012/Oct/213
http://seclists.org/fulldisclosure/2012/Oct/220

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86767