=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN036
_____________________________________________________________________

DATE                      : 13/02/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Office Publisher.

======================================================================

MS08-012 - Critical - Vulnerabilities in Microsoft Office Publisher Could
Allow Remote Code Execution (947085)

    Published: February 12, 2008
    Version: 1.0

    This critical security update resolves two privately reported
    vulnerabilities in Microsoft Office Publisher that could allow remote
    code execution if a user opens a specially crafted Publisher file. An
    attacker who successfully exploited these vulnerabilities could take
    complete control of an affected system. An attacker could then install
    programs; view, change, or delete data; or create new accounts with
    full user rights. Users whose accounts are configured to have fewer
    user rights on the system could be less impacted than users who operate
    with administrative user rights.


Affected Software

    o Microsoft Office 2000 Service Pack 3 - Microsoft Office Publisher
      2000

    o Microsoft Office XP Service Pack 3 - Microsoft Office Publisher 2002

    o Microsoft Office 2003 Service Pack 2 - Microsoft Office Publisher
      2003 Service Pack 2


Vulnerability Information

Publisher Invalid Memory Reference Vulnerability - CVE-2008-0102

    A remote code execution vulnerability exists in the way Microsoft Office
    Publisher validates application data when loading Publisher files to
    memory. An attacker could exploit the vulnerability by constructing a
    specially crafted Publisher (.pub) file. When a user views the .pub
    file, the vulnerability could allow remote code execution. An attacker
    who successfully exploited this vulnerability could take complete
    control of an affected system. An attacker could then install programs;
    view, change, or delete data; or create new accounts with full user
    rights.

Workarounds for Publisher Invalid Memory Reference Vulnerability -
CVE-2008-0102

    o Do not open or save Microsoft Office files that you receive from
      untrusted sources or that you receive unexpectedly from trusted
      sources.  This vulnerability could be exploited when a user opens a
      specially crafted file.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================