Memory Corruption Vulnerability in Microsoft Publisher 2003 and 2007
CVE-2011-3412

Currently unrated

Key Information:

Vendor

Microsoft
Status
Publisher
Vendor
CVE Published:
14 December 2011

What is CVE-2011-3412?

A vulnerability exists in Microsoft Publisher 2003 SP3 and 2007 SP2/SP3 that permits remote attackers to execute arbitrary code through a specially crafted Publisher file. This flaw arises from improper memory handling, which could lead to system compromise. Attackers exploiting this vulnerability could leverage malicious Publisher documents to gain unauthorized access to system resources and perform potentially harmful actions without user consent.

References

http://www.us-cert.gov/cas/techalerts/TA11-347A.html
third-party-advisoryx_refsource_CERT
http://www.kb.cert.org/vuls/id/361441
third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id?1026414
vdb-entryx_refsource_SECTRACK

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2011-3412 : Memory Corruption Vulnerability in Microsoft Publisher 2003 and 2007