Stack-based Buffer Overflow in Microsoft Publisher by Microsoft
CVE-2006-0001

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Publisher
Vendor: CVE Published:; 12 September 2006

What is CVE-2006-0001?

A stack-based buffer overflow exists in Microsoft Publisher 2000 to 2003, allowing remote attackers to execute arbitrary code via malicious PUB files. This vulnerability is triggered when Publisher improperly handles font parsing, potentially leading to the execution of injected code with the privileges of the user running the application. Users are advised to apply the latest security updates to mitigate the risks associated with this vulnerability.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/406236

third-party-advisoryx_refsource_CERT-VN

http://securityreason.com/securityalert/1548

third-party-advisoryx_refsource_SREASON

EPSS Score

73% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2006
Vulnerability Reserved
Nov 9, 2005