Update Protection against Microsoft Office Publisher pubconv.dll Heap Overrun Vulnerability (MS10-103)
| Check Point Reference: | CPAI-2010-323 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS10-103 | |
| Industry Reference(s): | CVE-2010-2570 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Publisher 2002 SP3
Microsoft Publisher 2003 SP3
Microsoft Publisher 2007 SP2
Microsoft Publisher 2010 (32-bit editions)
Microsoft Publisher 2010 (64-bit editions)
| ||
| Vulnerability Description A heap overrun vulnerability has been reported in Microsoft Publisher. Microsoft Publisher is a desktop publishing application for creating marketing materials, managing customer lists and more. A remote attacker can exploit this issue via a specially crafted Publisher file. Successful exploitation may allow execution of arbitrary code on the vulnerable system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS10-103 |
|
|
Vulnerability Details The vulnerability is due to an error in pubconv.dll, Publisher Converter DLL that is used to open Publisher files created in versions earlier than Microsoft Publisher 2007. A remote attacker could trigger this flaw by convincing the victim to open a specially crafted Publisher file. Successful exploitation of this issue may allow execution of arbitrary code once the malformed file is opened on a vulnerable system. |
Protection Overview
This protection will detect and block the transferring of malformed Publisher files over HTTP.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab, and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.