HTTP: Microsoft Publisher CVE-2016-7289 Remote Code Execution
A memory corruption vulnerability has been reported Microsoft Office software. The vulnerability are due toimproper handling of certain objects in memory. A remote attacker could exploit the vulnerability by enticing a victim user to open a maliciously crafted document. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user
Extended Description
Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Affected Products
Microsoft publisher
References
CVE: CVE-2016-7289
Short Name
HTTP:STC:IE:MS-MEM-CORRUPT-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-7289 Code Execution Microsoft Publisher Remote
Release Date
12/13/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3415
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3