CVE-2010-2569

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
60.9%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 16, 2010 (5628 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."

CWE

CWE-94

Affected Products

microsoft publisher

References

🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 docs.microsoft.com 🔗 oval.cisecurity.org 🔗 www.securitytracker.com