CVE-2010-2569

Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 - Remote Code Execution via Crafted Publisher File

Title source: llm
STIX 2.1

Description

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."

References (4)

Core 4
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024885

Scores

EPSS 0.2100
EPSS Percentile 97.3%

Details

CWE
CWE-94
Status published
Products (3)
microsoft/publisher 2002 sp3
microsoft/publisher 2003 sp3
microsoft/publisher 2007 sp2
Published Dec 16, 2010
Tracked Since Feb 18, 2026