=====================================================================
                            CERT-Renater

                 Information Note No. 2007/VULN284
_____________________________________________________________________

DATE                 : 11/07/2007

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows with Microsoft Publisher

======================================================================

MS07-037 - Vulnerability in Microsoft Office Publisher 2007 Could
Allow Remote Code Execution

Affected Software:

- Microsoft Publisher 2007

Non-Affected Software:

- Microsoft Publisher 2003
- Microsoft Publisher 2002
- Microsoft Publisher 2000

Full MS07-037 advisory:
http://www.microsoft.com/technet/security/Bulletin/ms07-037.mspx

Vulnerability Details

Publisher Invalid Memory Reference Vulnerability - CVE-2007-1754

A remote code execution vulnerability exists in the way Publisher does
not adequately clear out memory resources when writing application
data from disk to memory. An attacker could exploit the vulnerability
by constructing a specially crafted Publisher (.pub) page. When a user
views the .pub page, the vulnerability could allow remote code
execution. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.

======================================================================

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================