VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by a heap corruption error in "pubconv.dll" while trusting a size value from a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.
591d6c511bb8a6f88dba0fe4856dfb099b7d1dc89c130d5503e1e15766321d24