Intrusion PreventionMS.Office.Publisher.QHDR2.Struct.Code.Execution
Description
Microsoft Publisher is a desktop publishing application from Microsoft.
Microsoft released security bulletin MS09-030 to address a vulnerability in Microsoft Publisher 2007:
CVE-2009-0566: Lionel d'Hauenens of Labo Skopia through VeriSign iDefense Labs reported a Pointer Dereference Vulnerability in Microsoft Publisher 2007. This vulnerability exists in PUBCONV.DLL module in Microsoft Publisher 2007. PUBCONV.DLL module is responsible for converting legacy format Publisher files (.pub) created by older version of Publisher into the Publisher 2007 format. A programming error causes that module to dereference the arbitrary attacker-controlled value as the address of a table of function pointers. This vulnerability allows attackers to execute arbitrary code on the victim's system. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.
Affected Products
Microsoft Office 2007 Service Pack 1
Impact
This vulnerability could allow remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption.
Recommended Actions
Apply the patch, available from the vendor's web site:
http://www.microsoft.com/technet/security/Bulletin/MS09-030.mspx
For FortiGate IPS users, turning on the IPS signature MS.Office.Publisher.QHDR2.Code.Execution can prevent exploitation of this vulnerability.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 17578 |
| Created | Jul 14, 2009 |
| Updated | Jan 13, 2022 |
| Risk |
|
| CVE ID | CVE-2009-0566 |
| Exploit Prediction Score | 63.15% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Office |