HTTP: Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow
This signature detects attempts to exploit a known stack buffer overflow vulnerability in Microsoft Office Publisher. It is due to the way Publisher parses certain values in a Microsoft Publisher file. Remote attackers can exploit this by enticing the target user to open a malicious file. A successful attack can result in execution of arbitrary code within the security context of the currently logged in user. An unsuccessful attempt terminates the affected application abnormally.
Extended Description
Microsoft Publisher is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft publisher_2003
References
BugTraq: 39347
CVE: CVE-2010-0479
URL: http://www.zerodayinitiative.com/advisories/zdi-10-069/
Short Name
HTTP:STC:DL:PUB-TEXTBOX
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2010-0479 Conversion File Microsoft Office Overflow Processing Publisher TextBox bid:39347
Release Date
10/26/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3719
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3