|
|
CVE Reference: CVE-2007-1754 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1754 |
|
|
Description: PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". |
|
|
CVE Status: Candidate |
|
|
References: ST 1018353 SAID Secunia Advisory: SA25988 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1871 MS http://www.microsoft.com/technet/security/Bulletin/ms07-037.mspx MISC http://research.eeye.com/html/advisories/published/AD20070710.html HP http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html CERT http://www.us-cert.gov/cas/techalerts/TA07-191A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/473309/100/0/threaded |
|
| Return to the previous page. |
