Every CVE whose affected-product data names Microsoft Publisher, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2007-1117 — CVSS 10.0 (critical): Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified…
CVE-2013-1322 — CVSS 10.0 (critical): Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a…
CVE-2013-1319 — CVSS 10.0 (critical): Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute…
CVE-2008-0102 — CVSS 10.0 (critical): Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a…
CVE-2013-1320 — CVSS 10.0 (critical): Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka…
CVE-2013-1318 — CVSS 10.0 (critical): Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an…
CVE-2010-2569 — CVSS 9.3 (critical): pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an…
CVE-2010-2570 — CVSS 9.3 (critical): Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010…
CVE-2010-2571 — CVSS 9.3 (critical): Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to…
CVE-2010-3954 — CVSS 9.3 (critical): Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2010-3955 — CVSS 9.3 (critical): pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote…
CVE-2011-1508 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows…
CVE-2011-3410 — CVSS 9.3 (critical): Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted…
CVE-2011-3411 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect…
CVE-2011-3412 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that…
CVE-2013-1316 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute…
CVE-2013-1317 — CVSS 9.3 (critical): Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that…
CVE-2004-0200 — CVSS 9.3 (critical): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows…
CVE-2006-0001 — CVSS 9.3 (critical): Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a…
CVE-2006-3877 — CVSS 9.3 (critical): Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac…
CVE-2007-1754 — CVSS 9.3 (critical): PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows…
CVE-2008-0104 — CVSS 9.3 (critical): Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a…
CVE-2010-0479 — CVSS 9.3 (critical): Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code…
CVE-2013-1321 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute…
CVE-2013-1323 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute…
CVE-2013-1327 — CVSS 9.3 (critical): Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file…
CVE-2013-1328 — CVSS 9.3 (critical): Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that…
CVE-2013-1329 — CVSS 9.3 (critical): Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file…
CVE-2014-1759 — CVSS 9.3 (critical): pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2016-7289 — CVSS 7.8 (high): Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…
CVE-2017-8725 — CVSS 7.8 (high): A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when…
CVE-2018-8245 — CVSS 7.8 (high): A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when…
CVE-2008-3068 — CVSS 7.5 (high): Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation…
CVE-2004-0573 — CVSS 7.5 (high): Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004…
CVE-2007-6534 — CVSS 6.8 (medium): Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service…