CVE-2010-2569
Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 - Remote Code Execution via Crafted Publisher File
Title source: llmDescription
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024885
Scores
EPSS
0.2100
EPSS Percentile
97.3%
Details
CWE
CWE-94
Status
published
Products (3)
microsoft/publisher
2002 sp3
microsoft/publisher
2003 sp3
microsoft/publisher
2007 sp2
Published
Dec 16, 2010
Tracked Since
Feb 18, 2026