MS13-042: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)

High Nessus Plugin ID 66417

Synopsis

Microsoft Publisher, a component of Microsoft Office installed on the remote host, is affected by multiple vulnerabilities.

Description

The Publisher component of Microsoft Office installed on the remote host is affected by multiple vulnerabilities:

- The application has a negative value allocation vulnerability. (CVE-2013-1316)

- The application has an integer overflow vulnerability. (CVE-2013-1317)

- The application has a corrupt interface pointer vulnerability. (CVE-2013-1318)

- The application has a return value handling vulnerability. (CVE-2013-1319)

- The application has a buffer overflow vulnerability. (CVE-2013-1320)

- The application has a return value validation vulnerability. (CVE-2013-1321)

- The application has an invalid range check vulnerability. (CVE-2013-1322)

- The application has an incorrect NULL value handling vulnerability. (CVE-2013-1323)

- The application has a signed integer vulnerability. (CVE-2013-1327)

- The application has a pointer handling vulnerability. (CVE-2013-1328)

- The application has a buffer underflow vulnerability. (CVE-2013-1329)

A remote attacker could exploit these by tricking a user into opening a specially crafted Publisher file, resulting in remote code execution.

Solution

Microsoft has released a set of patches for Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1.

See Also

https://technet.microsoft.com/library/security/ms13-042

Plugin Details

Severity: High

ID: 66417

File Name: smb_nt_ms13-042.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Published: 2013/05/15

Modified: 2017/07/26

Dependencies: 13855, 57033, 27524

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/05/14

Vulnerability Publication Date: 2013/05/14

Reference Information

CVE: CVE-2013-1316, CVE-2013-1317, CVE-2013-1318, CVE-2013-1319, CVE-2013-1320, CVE-2013-1321, CVE-2013-1322, CVE-2013-1323, CVE-2013-1327, CVE-2013-1328, CVE-2013-1329

BID: 59761, 59762, 59763, 59764, 59766, 59767, 59768, 59769, 59770, 58771, 59772

OSVDB: 93304, 93305, 93306, 93307, 93308, 93309, 93310, 93311, 93312, 93313, 93314

MSFT: MS13-042

MSKB: 2810047, 2597971, 2553147