Microsoft Office Publisher has been reported to contain a flaw that results in memory corruption and may allow for remote code execution. Based on the provided crash details and third-party disputes, there is, however, no evidence to support the claims of memory corruption and the possibility of code execution. Instead, the flaw is triggering a NULL pointer dereference error when parsing unspecified data. With a specially crafted PUB file, a context-dependent attacker can cause a crash, but not immediately execute arbitrary code.
Loss of Integrity
Myth / Fake
OSVDB is not aware of a solution for this vulnerability.