Title : Microsoft Publisher 2013 memory corruption
Version : Microsoft Office Publisher professional Plus 2013
Date : 2012-11-11
Vendor : http://office.microsoft.com
Impact : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
tested : Windows 7
###############################################################################
Bug :
----
memory corruption during the handling of the pub files a context-dependent attacker
can execute arbitrary code.
----
################################################################################
(c90.abc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000
ebx=02000147
ecx=5eb37768
edx=00000000
esi=0031d66c
edi=0031d6c0
eip=00000000
esp=0031d99c
ebp=0031d9b0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
00000000 ?? \
################################################################################
Proof of concept included.
http://www37.zippyshare.com/v/79789962/file.html
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22655.rar