Array Indexing Memory Corruption Vulnerability (CVE-2010-3955)

  Severity: CRITICAL
  CVE Identifier: CVE-2010-3955
  Advisory Date: JUL 21, 2015

  DESCRIPTION

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1004545
  Trend Micro Deep Security DPI Rule Name: 1004545 - Array Indexing Memory Corruption Vulnerability (CVE-2010-3955)

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Publisher 2002

Featured Stories