1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: MS Publisher TextBox Processing RCE

Web Attack: MS Publisher TextBox Processing RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects a vulnerability in Microsoft Publisher which may result in remote code execution.

Additional Information

Microsoft Publisher is a desktop publishing application available for Microsoft Windows.

Publisher is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs in the code responsible for converting files from the Publisher 97 format. Specifically, when parsing a Textbox item included in a Publisher 97 file, a buffer overflow may occur.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successful exploits would allow an attacker to execute arbitrary code in the context of the currently logged-in user.


  • Microsoft Publisher


The vendor has released an advisory and updates. Please see the references for details.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube