VRT Advisories


VRT Rules 2006-09-20

Sourcefire VRT Advisory

Date: 2006-09-12

Synopsis:

The Sourcefire VRT has completed research into a vulnerability affecting Microsoft Publisher documents and has updated the OfficeCat tool to process pub files to determine the presence of possible exploit conditions.

Details:

Microsoft Security Bulletin MS06-054:
Microsoft Publisher contains a programming error that can allow a remote attacker to run code of their choosing on an affected host system via the processing of a malformed .pub file.

The OfficeCat tool has been updated to process Microsoft Publisher files to determine if the file contains possible exploit code for this vulnerability.

OfficeCat tool download

download zip archive here

Instructions for use

  1. Unzip the archive
  2. Open a command shell
  3. Execute the tool executable with a document name for checking

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.