Intrusion Prevention

MS.Publisher.Pub.File.Handling.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Memory Corruption vulnerability in Microsoft Publisher.
The vulnerability is caused by improper handling of specially crafted Publisher (.pub) files. Successful exploitation could lead to remote code execution or a Denial of Service (DoS) condition.

Affected Products

Microsoft Publisher 2000 (Office 2000)
Microsoft Publisher 2002 (Office 2002)
Microsoft Publisher 2003 (Office 2003)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the patch available from the website:
http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx

CVE References

CVE-2006-0001