iDefense Security Advisory 07.14.09 - Remote exploitation of an arbitrary pointer dereference vulnerability in version 2007 of Microsoft Corp.'s Publisher could allow an attacker to execute arbitrary code as the user running Publisher. This vulnerability exists in the PUBCONV.DLL module in Microsoft Publisher 2007. The PUBCONV.DLL module is responsible for converting legacy format Publisher files (.pub) created by older versions of Publisher into the Publisher 2007 format. A programming error causes the module to dereference an arbitrary attacker-controlled value as the address of a table of function pointers. This vulnerability allows attackers to execute arbitrary code on the victim's system. iDefense confirmed that PUBCONV.DLL (version 12.0.6311.5000) in Microsoft Office Publisher 2007 is vulnerable. Microsoft Office Publisher 2000, 2002 and 2003 do not appear to be affected.