Critical flaw found in Publisher

By Steve Malone and Matt Whipp

Posted on 13 Sep 2006 at 11:04

Microsoft's security bulletin and patches are relatively light this month. The company is only addressing three issues concerning its software and only one of these is deemed to be 'critical'.

The critical vulnerability is found in Microsoft Publisher - although only for Publisher 2000.

While Publishers 2002 and 2003 are also affected, their severity is only set to 'Important'. Microsoft admits remote code execution vulnerability exists because Publisher does not perform sufficient data validation when processing the contents of a .pub file. An attacker could exploit this vulnerability because, when Publisher parses a specially crafted file with a malformed string, it can corrupt system memory and allow the attacker to execute arbitrary code.

If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data; or create new accounts with full user rights.

The other two vulnerabilities are within Windows itself. The second 'Important' vulnerability affects Windows 2000 Service Pack 4, XP Service Pack 1, Windows XP Service Pack 2 and Windows Server 2003 for both x86 and Itanium. A second issue involves a reported vulnerability in Reliable Multicast Program (PGM) that could cause a denial of service condition.

Finally, a flaw in the Indexing Service could allow confidential information disclosure because of the way that it handles query validation. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site

The September security release will come as a welcome relief to IT managers following hectic July and August schedules. A summary of the update is on the TechNet web site.

However, it's not all - relatively - good news. Although this month's update proved slim pickings, Microsoft has also released updates for previous patches MS06-040 and MS06-042 after further problems were discovered.

What's more, the September bulletins failed to address a known issue with Word 2000 which is already being exploited by the virus community. Security company Secunia described the vulnerability as 'extremely critical' after Trojan code was discovered that downloaded malicious software to infected systems.