Microsoft Publisher Function Pointer Overwrite

Strike ID: E11-09103
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
False Positive: f
Variants: 1
Year: 2011

Description

This strike identifies a vulnerability in Microsoft Publisher. Normally the code zeroes out function pointers; however, if the NumberofRecords field is not equal to the NumberofRecords2 field, these values are left in place. Another condition that results in the pointers not being zeroed out is a change in the sizeofRecords field. If this field is changed, the code will access the next record according to the sizeofRecords value. Either of these conditions will result in malicious values being used in the program.

CVE

Bid