Detections
Analytics
MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
high Nessus Plugin ID 45510
Language:
Synopsis
The version of Microsoft Office installed on the remote host has a buffer overflow vulnerability.Description
The Publisher component of Microsoft Office installed on the remote host has a buffer overflow vulnerability.A remote attacker could exploit this by tricking a user into opening a specially crafted Publisher file, resulting in remote code execution.
Solution
Microsoft has released a set of patches for Microsoft Office XP, 2003, and 2007.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-023
Plugin Details
Severity: High
ID: 45510
File Name: smb_nt_ms10-023.nasl
Version: 1.24
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 4/13/2010
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:publisher
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/13/2010
Vulnerability Publication Date: 4/13/2010
Exploitable With
Core Impact
Reference Information
CVE: CVE-2010-0479
BID: 39347