Vulnerability-Lookup

CERTA-2006-AVI-389

Vulnerability from certfr_avis - Published: 2006-09-13 - Updated: 2006-09-13

Une vulnérabilité a été identifiée dans certaines versions de l'application Microsoft Publisher. Une personne malveillante pourrait construire une fichier exploitant cette vulnérabilité, afin d'exécuter du code arbitraire sur le système où le document sera ouvert.

Description

Publisher est une application fournie par Microsoft servant à la publication de documents (logiciel PAO, pour publication assistée par ordinateur).

Une vulnérabilité a été identifiée dans ce dernier. Il ne contrôlerait pas de manière correcte certaines chaînes de caractères malformées dans des fichiers au format .pub.

Une personne malveillante pourrait construire une fichier exploitant cette vulnérabilité, afin d'exécuter du code arbitraire sur le système où le document sera ouvert.

Solution

Se référer au bulletin de sécurité MS06-054 de Microsoft pour l'application des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Office Publisher 2000 fourni dans la suite Microsoft Office 2000 Service Pack 3 ;
Microsoft	Office	Office Publisher 2002 fourni dans la suite Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Office Publisher 2003 fourni dans la suite Microsoft Office 2003 Service Pack 1 et Service Pack 2.

References

Title

Publication Time

CVE-2006-0001 (GCVE-0-2006-0001)

Vulnerability from cvelistv5 – Published: 2006-09-12 23:00 – Updated: 2024-08-07 16:18

Summary

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/406236	third-party-advisoryx_refsource_CERT-VN
	http://securityreason.com/securityalert/1548	third-party-advisoryx_refsource_SREASON
	http://securitytracker.com/id?1016825	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/19951	vdb-entryx_refsource_BID
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA06-255A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/21863	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/446630/100…	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2006/3565	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/445824/100…	mailing-listx_refsource_BUGTRAQ
	http://www.computerterrorism.com/research/ct12-09…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/446630/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:590",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590"
          },
          {
            "name": "VU#406236",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/406236"
          },
          {
            "name": "1548",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1548"
          },
          {
            "name": "1016825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016825"
          },
          {
            "name": "19951",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19951"
          },
          {
            "name": "MS06-054",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054"
          },
          {
            "name": "TA06-255A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
          },
          {
            "name": "21863",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21863"
          },
          {
            "name": "publisher-pub-code-execution(28648)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28648"
          },
          {
            "name": "SSRT061187",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
          },
          {
            "name": "ADV-2006-3565",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3565"
          },
          {
            "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445824/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.computerterrorism.com/research/ct12-09-2006-2.htm"
          },
          {
            "name": "HPSBST02134",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:590",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590"
        },
        {
          "name": "VU#406236",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/406236"
        },
        {
          "name": "1548",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1548"
        },
        {
          "name": "1016825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016825"
        },
        {
          "name": "19951",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19951"
        },
        {
          "name": "MS06-054",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054"
        },
        {
          "name": "TA06-255A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
        },
        {
          "name": "21863",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21863"
        },
        {
          "name": "publisher-pub-code-execution(28648)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28648"
        },
        {
          "name": "SSRT061187",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
        },
        {
          "name": "ADV-2006-3565",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3565"
        },
        {
          "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445824/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.computerterrorism.com/research/ct12-09-2006-2.htm"
        },
        {
          "name": "HPSBST02134",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0001",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:590",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590"
            },
            {
              "name": "VU#406236",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/406236"
            },
            {
              "name": "1548",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1548"
            },
            {
              "name": "1016825",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016825"
            },
            {
              "name": "19951",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19951"
            },
            {
              "name": "MS06-054",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054"
            },
            {
              "name": "TA06-255A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
            },
            {
              "name": "21863",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21863"
            },
            {
              "name": "publisher-pub-code-execution(28648)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28648"
            },
            {
              "name": "SSRT061187",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
            },
            {
              "name": "ADV-2006-3565",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3565"
            },
            {
              "name": "20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/445824/100/0/threaded"
            },
            {
              "name": "http://www.computerterrorism.com/research/ct12-09-2006-2.htm",
              "refsource": "MISC",
              "url": "http://www.computerterrorism.com/research/ct12-09-2006-2.htm"
            },
            {
              "name": "HPSBST02134",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-0001",
    "datePublished": "2006-09-12T23:00:00",
    "dateReserved": "2005-11-09T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted