CVE-2013-1317

Published: May 15, 2013Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."

Affected (1)

Products: Microsoft: Publisher

Microsoft

1 product

Publisher

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Publisher	Version 2003 sp3

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-134A

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16548

Source: secure@microsoft.com

http://www.us-cert.gov/ncas/alerts/TA13-134A

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16548

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.