Remote Code Execution in Microsoft Publisher by Microsoft
CVE-2011-3411

Currently unrated

Key Information:

Vendor: Microsoft
Status: Publisher
Vendor: CVE Published:; 14 December 2011

What is CVE-2011-3411?

Microsoft Publisher 2003 SP3 contains a vulnerability that can be exploited by remote attackers to execute arbitrary code. This occurs through specially crafted Publisher files that manipulate memory handling, leading to possible unauthorized actions on the victim's system. Users of the affected versions should apply the security updates provided by Microsoft to mitigate these risks.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

third-party-advisoryx_refsource_CERT

http://www.kb.cert.org/vuls/id/361441

third-party-advisoryx_refsource_CERT-VN

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 14, 2011
Vulnerability Reserved
Sep 9, 2011